Simply days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler assistance, however one more zero-day flaw in the identical part has appear to gentle, earning it the fourth printer-related flaw to be identified in new weeks.
“Microsoft Windows will allow for non-admin users to be able to put in printer motorists by means of Position and Print,” CERT Coordination Center’s Will Dormann reported in an advisory printed Sunday. “Printers set up by means of this strategy also put in queue-precise information, which can be arbitrary libraries to be loaded by the privileged Windows Print Spooler procedure.”
An exploit for the vulnerability was disclosed by security researcher and Mimikatz creator Benjamin Delpy.
#printnightmare – Episode 4You know what is superior than a Legit Kiwi Printer ?🥝Another Legit Kiwi Printer…👍No prerequiste at all, you even will not will need to signal motorists/package🤪 pic.twitter.com/oInb5jm3tE
— 🥝 Benjamin Delpy (@gentilkiwi) July 16, 2021
Specially, the flaw allows a risk actor to execute arbitrary code with Procedure privileges on a vulnerable Windows equipment by connecting to a destructive print server below their regulate.
While there is no resolution to the dilemma, CERT/CC recommends configuring “PackagePointAndPrintServerList” to reduce the set up of printers from arbitrary servers and blocking outbound SMB visitors at the network boundary, presented that public exploits for the vulnerability benefit from SMB for connectivity to a malicious shared printer.
The new issue is only the most up-to-date evidence of the fallout soon after the PrintNightmare flaw accidentally became public very last thirty day period, major to the discovery of a range of vulnerabilities affecting the Print Spooler provider.
Identified this article attention-grabbing? Abide by THN on Facebook, Twitter and LinkedIn to read additional special articles we put up.
Some components of this report are sourced from: