
Windows patch against PrintNightmare is useless

Just yesterday Microsoft released an emergency out-of-band update to mitigate this vulnerability in all its operating systems, including some that are no longer supported, such as Windows 7 and some of the first versions of Windows 10. This patch blocked the most serious issue, the RCE bug that allowed code to be executed remotely on affected computers. Unfortunately, the new patch released by Microsoft is of no use: within a few hours, researchers had shown how easy it is to bypass.

Patch against PrintNightmare is ineffective

As usual, especially with a security flaw this serious and with so many exploits circulating, as soon as Microsoft made the new patch public, researchers began to check whether the vulnerability was really fixed. And, unsurprisingly, it was not.

With a few simple changes to the exploits, it is possible to continue exploiting this security flaw without any problem. Attackers can still run code and gain privileges remotely, even on computers and servers that have installed the new out-of-band patch.

At the moment, Microsoft has not made official statements about the uselessness of its new update. But security experts are clear about it: if you want to protect yourself from these security flaws, you have to take the necessary measures yourself.

Secure computers and check mitigation

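There are several ways to mitigate these problems. One of the easiest and fastest is to open a PowerShell console as an administrator and run the following commands, which stop the Print Spooler service and prevent it from starting again (the computer will not be able to print while the service is disabled):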

  • Stop-Service -Name Spooler -Force
  • Set-Service -Name Spooler -StartupType Disabled

We can also do it from group policies. Under "Computer Configuration > Administrative Templates > Printers", double-click "Allow Print Spooler to accept client connections" and set this policy to "Disabled".

We must also ensure that the following registry entries, under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint, have a value of zero:

  • NoWarningNoElevationOnInstall
  • NoWarningNoElevationOnUpdate

We remind you that 0Patch has an unofficial patch that does block these attacks. However, if we have installed the Microsoft patch (which is useless), it modifies the library "localspl.dll", so the 0Patch patch stops working. Take great care.

Now we can only wait until next week, Patch Tuesday, to see whether Microsoft releases a second update to try to mitigate these PrintNightmare vulnerabilities, and whether this second update really does any good.
