PrintNightmare vulnerability patch is flawed, attackers can still 'break through'
However, this urgently released patch still exposes flaws.
Microsoft only fixed the remote code execution (RCE) vector, which means the vulnerability can still be used for local privilege escalation (LPE). In addition, hackers soon discovered that it could still be exploited remotely.
According to Mimikatz expert Benjamin Delpy, hackers can bypass the patch and gain SYSTEM privileges if the Point and Print policy is enabled.
This has been confirmed by Will Dormann, a vulnerability analyst at CERT/CC.
To bypass the PrintNightmare patch and achieve RCE and LPE, the 'Point and Print Restrictions' policy must be enabled and the 'When installing drivers for a new connection' setting configured to 'Do not show warning on elevation prompt'.
Currently, security researchers recommend that administrators disable the Print Spooler service until all problems are completely fixed or block remote printing to the machine through Group Policy.
You can follow these steps to disable the Print Spooler service through PowerShell:
- Open PowerShell as Administrator
- Stop-Service -Name Spooler -Force
- Set-Service -Name Spooler -StartupType Disabled
Alternatively, you can block remote printing to the machine via Group Policy by performing the following steps:
- Open Group Policy Editor
- Go to Computer Configuration/ Administrative Templates/ Printers
- Disable the 'Allow Print Spooler to accept client connections' policy
Microsoft has updated the MSRC listing to note that it is rolling out patches for Windows Server 2012, Windows Server 2016 and Windows 10, version 1607. The company adds that, for system security, users "must verify the registry settings below are set to 0 or undefined".
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
NoWarningNoElevationOnInstall = 0 (DWORD) or undefined (default install)
NoWarningNoElevationOnUpdate = 0 (DWORD) or undefined (default setting)
However, Dormann argued that NoWarningNoElevationOnInstall=0 did not prevent the exploit. The company also has not yet addressed the reports of other security research firms.
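The following read-only audit script is an added example, not part of the article or any Microsoft guidance: it checks the two PointAndPrint registry values Microsoft asks administrators to verify, the Print Spooler service state from the PowerShell workaround, and the Group Policy setting from the second workaround. The registry value name RegisterSpoolerRemoteRpcEndPoint (2 = connections disabled) for the 'Allow Print Spooler to accept client connections' policy is an assumption not taken from the article.

```powershell
# Added example (not from the article): audit a host for the PrintNightmare
# workaround state described above. Read-only; it changes nothing.
# Run from an elevated PowerShell session.

$pnpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$prnKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'

function Get-PolicyDword {
    # Returns the DWORD value, or $null when the key or value is absent
    # ("undefined", which Microsoft treats as the safe default).
    param([string]$Path, [string]$Name)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()

# 1. Point and Print elevation prompts: the two values Microsoft asks to verify.
foreach ($name in 'NoWarningNoElevationOnInstall', 'NoWarningNoElevationOnUpdate') {
    $v = Get-PolicyDword -Path $pnpKey -Name $name
    $state = if ($null -eq $v) { 'undefined (default)' } else { $v }
    $risky = ($null -ne $v) -and ($v -ne 0)
    $findings += [pscustomobject]@{ Check = $name; Value = $state; Risky = $risky }
}

# 2. Print Spooler service: stopped AND disabled is the state the workaround leaves.
$svc = Get-Service -Name Spooler
$spoolerExposed = ($svc.Status -eq 'Running') -or ($svc.StartType -ne 'Disabled')
$findings += [pscustomobject]@{
    Check = 'Spooler service'
    Value = "$($svc.Status) / StartType=$($svc.StartType)"
    Risky = $spoolerExposed
}

# 3. Remote client connections. Assumption: the Group Policy
# 'Allow Print Spooler to accept client connections' is stored in
# RegisterSpoolerRemoteRpcEndPoint, where 2 means Disabled.
$rpc = Get-PolicyDword -Path $prnKey -Name 'RegisterSpoolerRemoteRpcEndPoint'
$findings += [pscustomobject]@{
    Check = 'Remote client connections policy'
    Value = if ($null -eq $rpc) { 'not configured (accepts connections)' } else { $rpc }
    Risky = ($rpc -ne 2)
}

$findings | Format-Table -AutoSize
if ($findings.Risky -contains $true) {
    Write-Warning 'Host still exposes the Print Spooler; apply the workarounds above.'
}
```

A value of 0 on the NoWarning keys is what Microsoft asks for, but as Dormann notes above it did not stop the exploit, so treat the Spooler service and client-connection checks as the decisive ones.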