Microsoft issues emergency Windows patch for PrintNightmare vulnerability [Updated]

Update July 7, 2022 at 5:05 pm ET: Individuals are finding ways to go around Microsoft'due south patch, meaning PrintNightmare vulnerabilities remain an active issue. This article'south text has been updated to reflect new information.

Microsoft has issued a critical emergency patch for a flaw in the Windows Print Spooler service. The vulnerability is known as PrintNightmare. When exploited, it allows attackers to "install programs; view, change, or delete data; or create new accounts with full user rights," according to Microsoft. The problem is, reports are coming in indicating that the patch doesn't actually set up the entire event (come across below).

The security patch is bachelor for several versions of Windows 10, Windows 8.one, Windows Server 2022, Windows Server 20222 R2, Windows Server 2008, and Windows RT 8.i. It'due south also available for Windows 7, which is surprising because the operating system is out of support.

Updates for Windows ten version 1607, Windows Server 2022, and Windows Server 2022 are non available at this time but volition be released before long, according to Microsoft.

PrintNightmare was revealed later on researchers published a proof-of-concept exploit, seemingly by accident.

Microsoft'south executive summary of the vulnerability includes the following update (emphasis added):

UPDATE July half dozen, 2022: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please meet the Security Updates tabular array for the applicative update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for data on how to aid protect your organization from this vulnerability. Meet also KB5005010: Restricting installation of new printer drivers later on applying the July six, 2022 updates.

The fact the patch is bachelor for Windows 7 indicates the severity of the issue since Windows seven has been out of support since January 14, 2022. However, there'south one major trouble with Microsoft's efforts: They aren't enough to stop the threat.

Security researcher Matthew Hickey stated that Microsoft'southward ready merely patches up one element of the vulnerability (via BleepingComputer).

The Microsoft fix released for recent #PrintNightmare vulnerability addresses the remote vector - however the LPE variations withal function. These piece of work out of the box on Windows 7, 8, 8.1, 2008 and 2022 just require Indicate&Print configured for Windows 2022,2019,10 & xi(?). 🤦‍♂️ https://t.co/PRO3p99CFo

— hackerfantastic.crypto (@hackerfantastic) July 6, 2022

Via local privilege escalation, threat actors can all the same target vulnerabilities. Worse nevertheless, according to other reports, there are means for individuals to featherbed Microsoft's patch entirely and target vulnerable systems via remote lawmaking execution in addition to the aforementioned local privilege execution.

— 🥝 Benjamin Delpy (@gentilkiwi) July 7, 2022

0patch has released a patch that it claims is capable of defending confronting the problems Microsoft'south official patch cannot. However, installing Microsoft's July six patch will disable 0patch's benefits, so y'all'll have to go with one or the other.

We may earn a committee for purchases using our links. Acquire more.

Under assault

Stolen NVIDIA data is beingness used to bypass Windows security

Some of the data leaked by ransomware grouping Lapsus is being used by cyber attackers to bypass Windows security measures. Two code-signing certificates were leaked, which are now being used to make malicious files appear genuine.

Source: https://www.windowscentral.com/microsoft-issues-emergency-windows-patch-printnightmare-vulnerability

Posted by: blunthaideatel.blogspot.com

Share this post