The patch Microsoft released for the PrintNightmare vulnerability is probably not as good as one would wish. Security researchers have already managed to bypass its fixes completely.
The vulnerability, listed as CVE-2021-34527, allows for two parallel attacks: Remote Code Execution (RCE), which is the injection and execution of foreign code, and Local Privilege Escalation (LPE), which is the extension of privileges for the attacker. Microsoft focused primarily on the RCE exploit in its warning about the problem.
Microsoft’s developers paid little attention to the LPE portion of the PrintNightmare vulnerability, which the discoverers from Carnegie Mellon University’s CERT had already helped to work out. This is now reflected in the result of the patch. The release notes already showed that the patch was mainly intended to fix the problems that allowed code to be injected, while the privilege escalation was not touched.
Bypass Must Be Avoided
This has now led to several security experts developing proof-of-concept exploits that also work on fully patched systems. In this respect, users who updated their Windows systems immediately after the release of the latest updates should not feel safe.
In view of the information available so far and the speed with which the security experts have been able to identify the problems that still exist, it can be assumed that a comparable level of knowledge also exists among criminals. It is therefore unlikely to be long before malware appears in the wild that exploits the PrintNightmare vulnerabilities while bypassing the patch.
Microsoft would therefore be well advised to provide an improved patch as soon as possible. Until then, administrators should disable the Windows Print Spooler service via group policies. However, in networked work environments, this can mean that printing functionality remains restricted for some users for the time being, which is a bearable problem compared to a successful attack.
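The article recommends rolling this out through Group Policy. As an added example that is not part of the original article, the following PowerShell function performs the equivalent check on a single host and can apply the change locally. The function name `Test-SpoolerExposure` and its `-Remediate` switch are hypothetical names chosen for this example.

```powershell
# Added example: audit (and optionally disable) the Print Spooler service on the local host.
# Test-SpoolerExposure and -Remediate are hypothetical names, not a Microsoft tool.
function Test-SpoolerExposure {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # When set, stop the service and set its start mode to Disabled.
        [switch]$Remediate
    )

    $query = @{ ClassName = 'Win32_Service'; Filter = "Name='Spooler'" }
    $svc   = Get-CimInstance @query

    # Some minimal installations do not have the service at all.
    if (-not $svc) {
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Present = $false
            State = $null; StartMode = $null; Exposed = $false
        }
    }

    # The host counts as exposed while the service is running OR can still be
    # started again (start mode Auto or Manual). Stopping it alone is not enough.
    $exposed = ($svc.State -ne 'Stopped') -or ($svc.StartMode -ne 'Disabled')

    if ($exposed -and $Remediate -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        Set-Service  -Name Spooler -StartupType Disabled -ErrorAction Stop

        # Re-read the service so the report reflects the state after the change.
        $svc     = Get-CimInstance @query
        $exposed = ($svc.State -ne 'Stopped') -or ($svc.StartMode -ne 'Disabled')
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME; Present = $true
        State = $svc.State; StartMode = $svc.StartMode; Exposed = $exposed
    }
}

# Report only; nothing is changed.
Test-SpoolerExposure

# Preview the change without applying it, then apply it from an elevated session:
# Test-SpoolerExposure -Remediate -WhatIf
# Test-SpoolerExposure -Remediate
```

Disabling the service this way stops all local and network printing on that host, which is the restriction the article describes.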