Microsoft Emergency Patch Fails to Fix Exploitation of PrintNightmare Zero-Day Vulnerability [UPDATE]


Microsoft's emergency patch update did not stop exploitation of the PrintNightmare Zero-Day Vulnerability, which means that attacks could still happen.

Microsoft Emergency Patch Update

On Tuesday, June 6, the IT giant released an emergency patch update to fix the PrintNightmare Zero-Day Vulnerability. However, Microsoft's fix for the flaw failed to deliver on its promise.

According to Ars Technica, the update was supposed to fully fix a critical flaw in every supported version of Windows that allows attackers to take over affected systems. With it, attackers could run code of their choice and control the entire PC.

In a tweet, Benjamin Delpy, a developer of Mimikatz, said that he is currently dealing with strings and filenames, and that it is a challenging task.

What Is PrintNightmare Zero-Day Vulnerability?

The threat, labeled the PrintNightmare Zero-Day Vulnerability, comes from several bugs within the Windows Print Spooler, an application that provides printing functions for local networks.

Its proof-of-concept exploit code was suddenly released to the public, making it available for everyone to see. The company pulled it back upon noticing the leak, but not before attackers had the chance to copy it.

Researchers track the PrintNightmare Zero-Day Vulnerability as CVE-2021-34527.

Will Dormann, a senior vulnerability analyst from CERT Coordination Center, stated via the report that the PrintNightmare Zero-Day Vulnerability is the biggest deal he has dealt with in a long time.

Dormann added that public exploit code for unpatched vulnerabilities that could compromise a Windows controller is terrible news.

As soon as the flaw came to light, Microsoft published an emergency patch update to fix it on Tuesday, June 6. According to the IT company, the update will fully address the vulnerability. But on Wednesday, June 7, 12 hours after the update was released, one researcher showed that exploits could bypass Microsoft's emergency patch update.


Similar Microsoft Vulnerability

Microsoft's incomplete patch is the most recent gaffe that involved the PrintNightmare Zero-Day Vulnerability.

In June, the company's monthly patch successfully fixed another vulnerability - CVE-2021-1675, a print spooler bug allowing hackers to gain admin privileges.

Eventually, the researchers who discovered the June flaw determined that the PrintNightmare Zero-Day Vulnerability was similar to CVE-2021-1675.

Microsoft Emergency Security Update With Strengthened Restrictions

Based on the report, the new update installs a mechanism that allows Windows administrators to apply stronger restrictions whenever users install printer software.

Ars Technica mentioned that before installing the July 6 update and other recent Windows Updates that contain protection against CVE-2021-34527, the printer operators' security group could install both unsigned and signed printer drivers on printer servers.

With the update installed, admin groups such as printer operators can install only signed printer drivers.

Although Microsoft's Tuesday update is incomplete, it still offers meaningful protection against various attacks that aim to exploit the Print Spooler vulnerability.

So far, there are no known cases of researchers that put their systems at risk.

This article is owned by Tech Times

Written by Fran Sanders
