The long-running saga of the PrintNightmare vulnerabilities could finally be coming to an end with the release of an unofficial patch.
While Microsoft did issue a new patch to address the remote code execution (RCE) vulnerability, cybersecurity researchers dismissed it as ineffective.
To address the concerns, Mitja Kolsek, co-founder of the 0patch micropatching service, has released a free micropatch that can finally put an end to the PrintNightmare saga.
PrintNightmare came to light when it was disclosed accidentally by Chinese security researchers, who put out a proof-of-concept exploit thinking the vulnerability in Windows Print Spooler had already been patched by Microsoft.
Can of worms
Earlier this week, Benjamin Delpy, creator of the popular post-exploitation tool Mimikatz, found a way to exploit the vulnerability in the Windows Print Spooler to enable any user to gain admin privileges on a vulnerable computer.
Breaking down Delpy’s exploit, Kolsek explains that although Windows has required all printer driver packages installed via Point and Print to be signed by a trusted source since 2016, Delpy found a way to include malicious executables outside of the signed package, which would then be run by the Print Spooler service.
Kolsek says this isn’t a trivial issue to fix, since adding signature requirements to queue-specific files is a code-intensive exercise.
“We therefore decided to implement the group policy-based workaround as a micropatch, blocking Point and Print printer driver installation from untrusted servers,” writes Kolsek while putting out his free patch that works on all active Windows releases, namely Windows Server 2008 R2 and above, as well as Windows 7 and above.
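For administrators who want to see whether an equivalent restriction is already set through Group Policy on a machine, the following read-only PowerShell audit is an added example, not code from 0patch or from the article. It assumes the workaround Kolsek describes corresponds to the Windows policies "Only use Package Point and print" and "Package Point and print - Approved servers" and reads their registry values; the function names are hypothetical.

```powershell
# Added example: read-only audit of the Package Point and Print policies.
# Assumption: these two Windows policies are the Group Policy workaround
# the article refers to; the article does not name them.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint'

function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-PackagePointAndPrint {
    # "Only use Package Point and print": only signed driver packages.
    $only = Get-PolicyDword -Path $base -Name 'PackagePointAndPrintOnly'
    # "Package Point and print - Approved servers": restrict source servers.
    $list = Get-PolicyDword -Path $base -Name 'PackagePointAndPrintServerList'

    # Approved servers are stored as values under the ListofServers subkey.
    $servers = @()
    $listKey = Join-Path $base 'ListofServers'
    if (Test-Path -Path $listKey) {
        $key = Get-Item -Path $listKey
        $servers = @($key.GetValueNames() |
            ForEach-Object { $key.GetValue($_) } |
            Where-Object { $_ })
    }

    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    [pscustomobject]@{
        SpoolerRunning           = ($null -ne $spooler -and $spooler.Status -eq 'Running')
        OnlyPackagePointAndPrint = ($only -eq 1)
        ApprovedServersEnforced  = ($list -eq 1)
        ApprovedServers          = $servers
        # Both policies on: drivers install only from the listed servers.
        DriverInstallRestricted  = ($only -eq 1 -and $list -eq 1)
    }
}

Test-PackagePointAndPrint | Format-List
```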