The current month’s Patch Wednesday from Microsoft showed up with another fix for the incidentally published “PrintNightmare” zero-day vulnerability, which permits aggressors to manhandle the Windows Print Spooler service to remotely execute code at raised SYSTEM advantages.
The fix changes the Windows Point and Print driver installation behavior to require Administrator advantages by default.
Such a change could cause issues in enterprise environments where standard clients had the option to install printer drivers previously, Microsoft’s Security Response Center warned.
“This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers,” MSRC wrote.
“However, we strongly believe that the security risk justifies this change.”
However, Mimikatz pen-test tool author Benjamin Delpy said Microsoft’s August patch once again doesn’t completely address the PrintNightmare vulnerability.
Deply proposed clients apply Group Policy Object rules to address the vulnerability instead.
Microsoft released a patch for “PrintNightmare” in July, however it was inadequate.
It is feasible to disable the changed default printer installation behaviour for Point and Print, however Microsoft suggests that clients don’t do that.