The Microsoft emergency patch update could not stop exploitation of the PrintNightmare Zero-Day Vulnerability, which means that attacks could still happen.
Microsoft Emergency Patch Update
On Tuesday, June 6, the IT giant launched an emergency patch update to fix the PrintNightmare Zero-Day Vulnerability. However, Microsoft's solution to the flaw failed to deliver on its promise.
According to Ars Technica, the system update was supposed to fully fix a critical flaw in every supported version of Windows that allows attackers to take over users' infected systems. By exploiting it, attackers could run code of their choice and manipulate the entire PC.
In a tweet, Benjamin Delpy, a developer of Mimikatz, said that he is currently dealing with strings and filenames, and that it is a challenging task.
Dealing with strings & filenames is hard😉
New function in #mimikatz 🥝to normalize filenames (bypassing checks by using UNC instead of \\server\share format)
So a RCE (and LPE) with #printnightmare on a fully patched server, with Point & Print enabled
> https://t.co/Wzb5GAfWfd pic.twitter.com/HTDf004N7r
— 🥝 Benjamin Delpy (@gentilkiwi) July 7, 2021
What Is PrintNightmare Zero-Day Vulnerability?
The threat, labeled as the PrintNightmare Zero-Day Vulnerability, comes from several bugs within the Windows Print Spooler, an application that provides printing functions for local networks.
Its proof-of-concept exploit code was suddenly released to the public, making it available for everyone to see. The company pulled it back upon noticing the leak, but not before attackers had the chance to copy it.
The PrintNightmare Zero-Day Vulnerability is tracked as CVE-2021-34527.
Will Dormann, a senior vulnerability analyst from CERT Coordination Center, stated via the report that the PrintNightmare Zero-Day Vulnerability is the biggest deal he has dealt with in a long time.
Dormann added that public exploit code for an unpatched vulnerability that could compromise a Windows domain controller is terrible news.
As soon as the flaw came to light, Microsoft immediately published an emergency patch update to fix it on Tuesday, June 6. According to the IT company, the update would fully address the vulnerability. But on Wednesday, June 7, 12 hours after the update was released, one researcher showed that exploits could bypass the Microsoft emergency patch update.
Similar Microsoft Vulnerability
Microsoft's incomplete patch is the most recent gaffe involving the PrintNightmare Zero-Day Vulnerability.
In June, the company's monthly patch successfully fixed another vulnerability - CVE-2021-1675, a print spooler bug allowing hackers to gain admin privileges.
Eventually, the researchers who discovered the June flaw determined that the PrintNightmare Zero-Day Vulnerability was similar to CVE-2021-1675.
Microsoft Emergency Security Update With Strengthened Restrictions
Based on the report, the new update installs a mechanism that allows Windows administrators to apply stronger restrictions whenever users install printer software.
Ars Technica mentioned that before installing the July 6 update and other recent Windows Updates that contain protection against CVE-2021-34527, the printer operators' security group could install both signed and unsigned printer drivers on a printer server.
After installing the update, admin groups such as printer operators can only install signed printer drivers.
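The restriction mechanism described above is controlled through Point and Print policy values in the registry. The following is an added example, not code from Microsoft or from the original article, that audits those values. The registry names follow Microsoft's published guidance for CVE-2021-34527, while the function names, severity labels and sample data are assumptions of this example.

```python
# Added example: audits the Point and Print policy values that govern printer
# driver installation. Registry names follow Microsoft's CVE-2021-34527
# guidance; function names and finding strings are this example's own.
POLICY_KEY = r"SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint"
NAMES = ("NoWarningNoElevationOnInstall", "UpdatePromptSettings",
         "RestrictDriverInstallationToAdministrators")

def read_policy():
    """Read the policy values from HKLM (Windows only); unset values are omitted."""
    import winreg  # imported here so the audit logic stays usable off Windows
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
            for name in NAMES:
                try:
                    values[name] = winreg.QueryValueEx(key, name)[0]
                except FileNotFoundError:
                    pass  # value not configured
    except FileNotFoundError:
        pass  # policy key absent: nothing configured
    return values

def audit_point_and_print(values):
    """Return a list of findings for a dict of policy values."""
    findings = []
    # Absent or 0 keeps the warning and elevation prompt for new drivers.
    if values.get("NoWarningNoElevationOnInstall", 0) != 0:
        findings.append("HIGH: driver install prompts suppressed "
                        "(NoWarningNoElevationOnInstall)")
    if values.get("UpdatePromptSettings", 0) != 0:
        findings.append("HIGH: driver update prompts weakened (UpdatePromptSettings)")
    restrict = values.get("RestrictDriverInstallationToAdministrators")
    if restrict is None:
        # Assumption: the effective default depends on the installed update level.
        findings.append("REVIEW: RestrictDriverInstallationToAdministrators not set")
    elif restrict == 0:
        findings.append("MEDIUM: non-administrators may install printer drivers")
    return findings

if __name__ == "__main__":
    # Constructed sample: Point and Print prompts disabled, no admin restriction.
    sample = {"NoWarningNoElevationOnInstall": 1, "UpdatePromptSettings": 2}
    for line in audit_point_and_print(sample):
        print(line)
```

On a Windows host, passing the result of read_policy() to audit_point_and_print() checks the live configuration instead of the constructed sample.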
Although Microsoft's Tuesday update is incomplete, it still offers some meaningful protection against various attacks that aim to exploit the Print Spooler vulnerability.
So far, there are no known cases of researchers that put their systems at risk.
This article is owned by Tech Times
Written by Fran Sanders