Cybersecurity (opens in new tab) researchers had expressed doubts about the efficacy of Microsoft’s recent PrintNightmare patch soon after it was released, and now there are reports of new proof-of-exploit code that circumvents the fix altogether.
PrintNightmare created havoc when it was accidentally disclosed (opens in new tab) by Chinese security researchers who put out a proof-of-concept exploit thinking the vulnerability in Windows Print Spooler had already been patched by Microsoft, which pushed the company to put out a new patch (opens in new tab) to address the remote code exploitation (RCE) vulnerability as well.
While security expert Kevin Beaumont believed (opens in new tab) the new patch didn’t plug the local privilege escalation (LPE) vulnerability in certain editions of Windows such as Windows Server 2012 R2 (opens in new tab), a new video (opens in new tab) by another researcher now demonstrates that both RCE and LPE vulnerabilities are still exploitable.
- Here’s our recommendations for the best small business printers (opens in new tab)
- We've put together a list of the best endpoint protection (opens in new tab) software
- Check our list of the best firewall apps and services (opens in new tab)
Patch the patch
Reporting on the findings of Benjamin Delpy, creator of popular post exploitation tool Mimikatz, The Register says (opens in new tab) that it’s how Microsoft checks for remote libraries in the PrintNightmare patch that offers an opportunity to work around the patch.
"They did not test it for real," Delpy bluntly told The Register, reportedly describing the issue as “weird from Microsoft.”
Microsoft however insists that while they are aware of the claims of the security researchers, and are testing them, they aren’t aware of any bypasses, avoiding answering The Register’s questions related to Delpy’s finding.
"If our investigation identifies additional issues, we will take action as needed to help protect customers," a Microsoft spokesperson told The Register.
- Protect your devices with these best antivirus software (opens in new tab)