Digital Security Specialists Reveal PrintNightmare Patch is Fallible
- By David Lukic
- Feb 02, 2022
Microsoft’s digital security team has released a patch for Windows versions impacted by PrintNightmare. However, those same digital security researchers have figured out how to bypass the patch, meaning it is only a matter of time until digital miscreants find the same workaround and wreak havoc.
PrintNightmare is the latest issue in what has been a steady stream of digital security vulnerabilities identified by Chinese tech aficionados. The Chinese researchers mistakenly revealed a proof-of-concept exploit as 2021 drew to a close, assuming the weakness had already been disclosed by others and subsequently patched by Microsoft.
What is PrintNightmare?
Chinese digital security specialists mistakenly disclosed an important zero-day bug within Windows dubbed PrintNightmare. Sangfor Technologies in Shenzhen revealed the weakness after confusion arose over a separate vulnerability in Print Spooler. This zero-day puts domain controller servers in harm’s way.
If hackers were to obtain remote control of such servers, ransomware specialists could use them to launch attacks on enterprise networks. Though Microsoft patched the vulnerability, it still presents an opportunity for cyber miscreants to wreak digital havoc.
Why is the Patch Weak?
The out-of-band patch provided by Microsoft isn’t nearly as formidable as originally anticipated. However, it must be noted the initial release of the patch was incomplete. The follow-up version applicable to remaining unpatched Windows servers and operating systems appeared to be much more effective. It took only a couple of hours for digital security specialists to reveal proof-of-concept attacks on the patch, indicating it is susceptible to remote code execution as well as local privilege escalation, which set the stage for digital infiltrations, identity theft, the freezing of systems until ransoms are paid, and additional damage.
What is the Exact Weakness?
Benjamin Delpy, the mastermind behind Mimikatz, indicates the underlying issue pertains to the Point and Print function, which permits Windows clients to link up with a remote printer after installation media is added. In plain terms, this means an authenticated user has the potential to obtain administrator privileges and run arbitrary code on a computer running Print Spooler. Such a vulnerability could jeopardize Windows domain controllers, providing digital criminals with an opportunity to infiltrate enterprise networks using harmful code or ransomware attacks.
What Does Microsoft’s Brass Have to Say About the Vulnerability?
Though Microsoft has admitted the digital security flaw is a legitimate weakness, the software giant doesn’t appear to have a lasting solution. Microsoft’s public relations specialists noted the security flaw toward the bottom of a recent advisory. However, the company has not successfully patched the vulnerability.
Microsoft’s official statement says Point and Print is not directly tied to the vulnerability, yet the technology weakens the local security posture in a manner that allows for exploitation. Microsoft representatives have also stated it is prudent to disallow the Point and Print feature for users who are non-administrators. The company’s public statements also indicate it is in the interest of users to double-check that elevation and warning prompts are displayed for printer updates and installations.
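
One way to audit the settings Microsoft's statement refers to, as an added example that is not code from this article or from Microsoft. The registry key and value names are assumptions taken from Microsoft's published PrintNightmare guidance, not from this page, and the sample values are constructed.

```powershell
# Added example: audit Point and Print policy values on a Windows host.
# Key and value names are assumed from Microsoft's public guidance.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Test-PointAndPrintPolicy {
    param([hashtable]$Values)   # value name -> DWORD; name absent if not configured
    $findings = @()
    # Absent or 0 means the warning and elevation prompts are still shown.
    foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
        if ($Values.ContainsKey($name) -and $Values[$name] -ne 0) {
            $findings += "$name = $($Values[$name]): warning/elevation prompt suppressed"
        }
    }
    # Flag anything other than an explicit 1; the effective default when the
    # value is absent depends on the patch level of the machine.
    $name = 'RestrictDriverInstallationToAdministrators'
    if (-not $Values.ContainsKey($name) -or $Values[$name] -ne 1) {
        $findings += "$name is not explicitly 1: driver install may not be limited to administrators"
    }
    $findings
}

function Get-PointAndPrintValues {
    # Read the live policy key into a hashtable; empty if the key does not exist.
    $values = @{}
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notlike 'PS*') { $values[$p.Name] = $p.Value }
        }
    }
    $values
}

# Constructed sample: install prompt disabled, admin restriction not configured.
$sample = @{ NoWarningNoElevationOnInstall = 1; UpdatePromptSettings = 0 }
Test-PointAndPrintPolicy -Values $sample | ForEach-Object { "SAMPLE: $_" }

# Live check of this machine, plus whether the Print Spooler service is running.
Test-PointAndPrintPolicy -Values (Get-PointAndPrintValues) | ForEach-Object { "LOCAL: $_" }
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($spooler -and $spooler.Status -eq 'Running') { 'LOCAL: Print Spooler service is running' }
```

On a domain controller that does not need to print, a running Spooler service is itself worth reviewing alongside these policy values.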