Microsoft attempts again to plug the 'PrintNightmare' security hole

  • 13-August-2021

The current month's Patch Wednesday from Microsoft showed up with another fix for the incidentally published "PrintNightmare" zero-day vulnerability, which permits aggressors to manhandle the Windows Print Spooler service to remotely execute code at raised SYSTEM advantages.

The fix changes the Windows Point and Print driver installation behavior to require Administrator advantages by default.

Such a change could cause issues in enterprise environments where standard clients had the option to install printer drivers previously, Microsoft's Security Response Center warned.

"This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers," MSRC wrote.

"However, we strongly believe that the security risk justifies this change."

However, Mimikatz pen-test tool author Benjamin Delpy said Microsoft's August patch once again doesn't completely address the PrintNightmare vulnerability.

Deply proposed clients apply Group Policy Object rules to address the vulnerability instead.

Microsoft released a patch for "PrintNightmare" in July, however it was inadequate.

It is feasible to disable the changed default printer installation behaviour for Point and Print, however Microsoft suggests that clients don't do that.

Related Post

Facebook is allowing users to pick which posts the..

With benefits contracting of late, Facebook has be..

Pokémon Go and Pokémon UNITE will increment micr..

Pokémon Go, UNITE, and Café Mix will all see an ..