This new micropatch should fix Windows PrintNightmare issues once and for all


The long-running saga of the PrintNightmare vulnerabilities could finally be coming to an end with the release of an unofficial patch.

While Microsoft did issue a new patch to address the remote code execution (RCE) vulnerability, cybersecurity researchers dismissed it as ineffective.

To address the concerns, Mitja Kolsek, co-founder of the 0patch micropatching service, has released a free micropatch that can finally put an end to the PrintNightmare saga.


PrintNightmare came to light when it was disclosed accidentally by Chinese security researchers who put out a proof-of-concept exploit thinking the vulnerability in Windows Print Spooler had already been patched by Microsoft. 

Can of worms

Earlier this week, Benjamin Delpy, creator of the popular post-exploitation tool Mimikatz, found a way to exploit the vulnerability in the Windows Print Spooler to enable any user to gain admin privileges on a vulnerable computer.

Breaking down Delpy’s exploit, Kolsek explains that although Windows has required all printer driver packages installed via Point and Print to be signed by a trusted source since 2016, Delpy found a way to include malicious executables outside of the signed package, which would then be run by the Print Spooler service.

Kolsek says this isn’t a trivial issue to fix, since adding signature requirements to queue-specific files is a code-intensive exercise.

“We therefore decided to implement the group policy-based workaround as a micropatch, blocking Point and Print printer driver installation from untrusted servers,” writes Kolsek while putting out his free patch that works on all active Windows releases, namely Windows Server 2008 R2 and above, as well as Windows 7 and above.
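
One way to audit a host for the Group Policy workaround mentioned above, as an added PowerShell example that is not 0patch's or Microsoft's code. It assumes the workaround corresponds to the "Only use Package Point and print" and "Package Point and print - Approved servers" policies and their registry values; the function names and sample data are hypothetical.

```powershell
# Added example. Assumption: the Group Policy workaround maps to the two
# Package Point and Print policies, which Windows stores under the key below.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint'

function Get-PackagePointAndPrintPolicy {
    param([string]$Key = $PolicyKey)
    # Defaults describe an unconfigured host: no restriction in force.
    $policy = @{ PackageOnly = 0; ServerListEnabled = 0; Servers = @() }
    if (-not (Test-Path -Path $Key)) { return $policy }

    $props = Get-ItemProperty -Path $Key
    if ($null -ne $props.PackagePointAndPrintOnly) {
        $policy.PackageOnly = [int]$props.PackagePointAndPrintOnly
    }
    if ($null -ne $props.PackagePointAndPrintServerList) {
        $policy.ServerListEnabled = [int]$props.PackagePointAndPrintServerList
    }
    # Approved servers are string values under the ListofServers subkey.
    $listKey = Join-Path -Path $Key -ChildPath 'ListofServers'
    if (Test-Path -Path $listKey) {
        $item = Get-Item -Path $listKey
        $policy.Servers = @($item.GetValueNames() | ForEach-Object { $item.GetValue($_) })
    }
    return $policy
}

function Test-PackagePointAndPrintPolicy {
    param([Parameter(Mandatory)][hashtable]$Policy)
    $findings = @()
    if ($Policy.PackageOnly -ne 1) {
        $findings += 'Non-package Point and Print drivers are still allowed.'
    }
    if ($Policy.ServerListEnabled -ne 1) {
        $findings += 'Package Point and Print is not limited to an approved-server list.'
    }
    return $findings
}

# Constructed sample: a host with only the first policy enabled.
$sample = @{ PackageOnly = 1; ServerListEnabled = 0; Servers = @() }
Test-PackagePointAndPrintPolicy -Policy $sample

# On a live Windows host, audit the registry and list the servers for review.
if ($env:OS -eq 'Windows_NT') {
    $live = Get-PackagePointAndPrintPolicy
    Test-PackagePointAndPrintPolicy -Policy $live
    "Approved servers: $($live.Servers -join ', ')"
}
```

An empty findings list means both policies are enabled; the approved-server list itself still needs a manual check that every entry is a print server you control.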

Mayank Sharma
