Microsoft PrintNightmare, a remote print server, has a hack that now gives any Windows user admin privileges to access a PC.
The Microsoft PrintNightmare security vulnerability has been bringing numerous problems to Windows users. And now, another flaw has been discovered.
As per Bleeping Computer, in June, a security researcher disclosed a vulnerability on Windows that goes by the name PrintNightmare or CVE-2021-34527. Back then, it provided remote code execution, along with the elevation of privileges on the Microsoft operating system.
Even as Microsoft attempted to fix the PrintNightmare security flaw with an updated patch, it still failed to stop the potential exploitation of hackers.
Researchers quickly figured out a way to bypass the recently rolled out fix. Thus, making the update useless.
Microsoft PrintNightmare Hack and Windows Admin Privileges
This time around, the PrintNightmare still carries alarming vulnerabilities, according to a recent study concerning it.
To be precise, a security researcher, who is also a Mimikatz creator, Benjamin Delpy, found a hack to allow anyone to have an admin privilege in a PC.
It is to note that Delpy still continues to study the PrintNightmare, wherein he still constantly shares bypasses to exploit the remote printer driver.
Microsoft PrintNightmare Hack: How it Works
Delpy was able to gain complete access to a PC by setting up the remote printer server at \\printnightmare[.]gentilkiwi[.]com, a website that allows users to download a hacked version of the driver.
Asu such, upon installing the hack, a person with an account that only has limited access could instantly get an admin privilege that can completely access a PC. That said, a corporate user can go on to control the PCs of other people.
It is to note that BleepingComputer tested the hack themselves and found the hack working as the security researcher said it does.
Microsoft PrintNightmare Hack: How to Stop
Now that it has been established that the remote printer server definitely allows any user to have admin access, Delpy also gave solutions to prevent such incidents from happening to other folks out there.
To make things easier, CERT outlined the quick fix in their advisory. And to cut to the chase, here is one of them.
One way of combating the exploit involves the disabling of the Windows print spooler. It is to note that this method prevents all of the vulnerabilities that the PrintNighmare carries.
Start by opening the Command Prompt by clicking the Windows key on your keyboard and the X key simultaneously. Then, upon opening the program, enter this:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
However, applying this command will disable the remote printing service on your PC.
This article is owned by Tech Times
Written by Teejay Boris