By B.N. Frank
From Ars Technica:
Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability
Game-over code-execution attacks are still possible even after fix is installed.
An emergency patch Microsoft issued on Tuesday fails to fully fix a critical security vulnerability in all supported versions of Windows that allows attackers to take control of infected systems and run code of their choice, researchers said.
The threat, colloquially known as PrintNightmare, stems from bugs in the Windows print spooler, which provides printing functionality inside local networks. Proof-of-concept exploit code was publicly released and then pulled back, but not before others had copied it. Researchers track the vulnerability as CVE-2021-34527.
A big deal
Attackers can exploit it remotely when print capabilities are exposed to the Internet. Attackers can also use it to escalate system privileges once they’ve used a different vulnerability to gain a toe-hold inside of a vulnerable network. In either case, the adversaries can then gain control of the domain controller, which as the server that authenticates local users, is one of the most security-sensitive assets on any Windows network.
“It’s the biggest deal I’ve dealt with in a very long time,” said Will Dormann, a senior vulnerability analyst at the CERT Coordination Center, a nonprofit, United States federally funded project that researches software bugs and works with business and government to improve security. “Any time there’s public exploit code for an unpatched vulnerability that can compromise a Windows domain controller, that’s bad news.”
After the severity of the bug came to light, Microsoft published an out-of-band fix on Tuesday. Microsoft said the update “fully addresses the public vulnerability.” But on Wednesday—a little more than 12 hours after the release—a researcher showed how exploits could bypass the patch.
Dealing with strings & filenames is hard😉
New function in #mimikatz 🥝to normalize filenames (bypassing checks by using UNC instead of \servershare format)
So a RCE (and LPE) with #printnightmare on a fully patched server, with Point & Print enabled
— 🥝 Benjamin Delpy (@gentilkiwi) July 7, 2021
Accompanying Delpy’s tweet was a video that showed a hastily written exploit working against a Windows Server 2019 that had installed the out-of-band patch. The demo shows that the update fails to fix vulnerable systems that use certain settings for a feature called point and print, which makes it easier for network users to obtain the printer drivers they need.
Of course, over the years, numerous security experts have warned that 5G, Internet of Things (IoT) and other “Smart” technology applications are also totally vulnerable (see 1, 2, 3, 4, 5). Buyer beware!
Activist Post reports regularly about unsafe technology. For more information, visit our archives.
Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.