Tech

Microsoft is deploying an emergency patch to end the “PrintNightmare”

Deepak GuptaJuly 7, 2021

On July 6, Microsoft posted a patch for the most dangerous part of the PrintNightmare vulnerability.

On June 29, three researchers from the Sangfor company made the mistake of unleashing their method in the wild to exploit a loophole they themselves named PrintNightmare. They pulled their documentation off the Internet within hours, but the damage was already done. In the following days, malicious individuals began to take advantage of this vulnerability present in the print spooler, a program activated by default in all Windows systems, responsible for translating user commands to printers.

This vulnerability falls into the category of RCE, that is to say, it allows an outside hacker to execute code on the victim’s machine. In this case, it even made it possible to go back to the Active Directory, a sort of control tower for Windows networks. In other words: millions of machines were vulnerable to a dangerous flaw.

The printers do not work and in addition the programs necessary for their operation contain vulnerabilities. // Source: Office Space

First, Microsoft and several private companies deployed “mitigation” measures to prevent the exploitation of the flaw. The most radical of them? Disable the spooler… which prevents all users on the network from printing their documents.

These mitigation measures were only intended to limit the damage pending the deployment of a patch from Microsoft. The publisher finally managed to publish it, more than a week later, on July 6. He deployed it urgently since “patch Tuesday” during which the publisher gathers all its fixes will not arrive until July 12.

A half-repaired flaw

Deployed as quickly as possible, the patch is imperfect, as noted by the Bleeping Computer. It covers the vast majority of versions of Windows but is not available – temporarily – for a few, such as Windows Server 2016.

Then, if the patch prevents the use of the RCE, it does not fix another bug included in the PrintNightmare, an LPE (for “local privilege escalation”). This additional vulnerability allows a member of the network to gain administrator rights on the system, and therefore to access documents that he should not see or to make unforeseen modifications. Although problematic, EPL is much less dangerous than RCE, since it must be launched from within the organization, which limits its use to more elaborate attack scenarios.

Now it’s up to the companies to manage the transition from mitigation to the Printnightmare patch. But like all vulnerabilities, it should continue to exist for many years to come, the fault of many outdated systems.

We have other articles that may interest you:
  1. PrintNightmare: oops, the patch deployed in an emergency by Microsoft does not work
  2. This is how well Microsoft Flight Simulator will run on Xbox Series
  3. Microsoft Flight Simulator will occupy 100 GB on Xbox and will have helicopters in 2022
  4. Windows 11: Microsoft revises minimum system requirements
  5. Windows 11: Microsoft will launch its new operating system on October 5
  6. Microsoft is getting rid of non-Windows 11 beta testers
Deepak GuptaJuly 7, 2021

Related Articles

The OLED iPad will look like a MacBook Pro (in price)

March 9, 2023

No, Huawei is not going to leave Europe despite its declining popularity

November 30, 2022

Tesla will integrate new generation steering wheels to its Model 3 and Model Y

August 30, 2022

Tired of Twitter? Why don’t you try Mastodon?

May 2, 2022