Last week the Cybersecurity and Infrastructure Security Agency (CISA) urged administrators to disable the Windows Print Spooler service in domain controllers and systems that don’t print. In the event it turned out to be a bit of both. The problem was exacerbated by confusion around whether PrintNightmare was a known, patched problem or an entirely new problem. PrintNightmare allows a standard user on a Windows network to execute arbitrary code on an affected machine, and to elevate their privileges as far as domain admin, by feeding a vulnerable machine a malicious printer driver. Serious problemįor Microsoft to publish an out-of-band patch a week before July’s Patch Tuesday shows just how serious the problem is. Yesterday, Microsoft issued a set of out-of-band patches that sets that aims to set that right by fixing the Windows Print Spooler Remote Code Execution vulnerability listed as CVE-2021-34527. After June’s Patch Tuesday, researchers found that the patch did not work in every case, most notably on modern domain controllers. Last week we wrote about PrintNightmare, a vulnerability that was supposed to be patched but wasn’t.
0 kommentar(er)
