Microsoft signage is seen on March 13, 2020, in New York City. Security researchers are still assessing a patch for a vulnerability in Windows Print Spooler released July 6. (Photo by Jeenah Moon/Getty Images)
Microsoft on Tuesday released an emergency patch for the so-called PrintNightmare vulnerability in the Windows Print Spooler service (CVE-2021-34527), a fix that some security researchers are still evaluating.
John Hammond, a senior security researcher at Huntress, said his team has validated the new patch on Windows 21H1 Enterprise and observed that although it has stopped local privilege escalation, the vulnerability still succeeds on Windows servers. However, Hammond said the “seemingly partial fix” does seem to protect against remote code execution.
According to Microsoft’s latest update on July 6, updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012. The software maker said security updates for these versions of Windows will be released soon. “So far, we have not seen an all-encompassing patch situation that stops local privilege escalation, stops remote code execution, and enables printing,” Hammond said.
Security pros should make the latest Microsoft patch a high priority, advised Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, who called PrintNightmare a “massive security vulnerability.”
Carson explained that if a malicious attacker had an initial foothold on a business network, and the systems were publicly accessible and not patched against PrintNightmare, then the attacker could elevate to a domain admin and fully pwn the entire network with just a few small steps.
“This could lead to a catastrophic security incident such as data theft, financial fraud, or ransomware,” Carson said. “The vulnerability affects most versions of Windows devices and it is critical to ensure your Windows environment is patched ASAP, especially critical servers and devices.”
Charles Ragland, security engineer at Digital Shadows, said that the patch doesn’t stop an attacker who has already compromised a machine from continuing to abuse this vulnerability.
“Microsoft currently suggests that the print spooler service be manually disabled as a workaround until a more complete solution is found,” Ragland said. “This incident is an excellent example of why unused services should be disabled or restricted. With an exploit publicly available and a full solution not released, organizations should watch this closely and update as fixes become available.”
For many organizations, news of this vulnerability could not have come at a worse time, added ThycoticCentrify’s Carson.
“If you are also a Kaseya customer, then your patching capability is also impacted,” he said. “So, yes, for many organizations it is a real nightmare and one that will keep a lot of CISOs and security teams up at night trying to figure out how to patch all those vulnerable systems and prevent attackers from turning Print Spooler into a domain admin compromise.”