The PrintNightmare vulnerability has turned out to be a big issue for Windows system users and the cybersecurity community. On Tuesday, Microsoft seemed to have finally addressed this flaw with the release of the KB5004945 update, though things might not turn out as expected.
Just hours after the release of this update, researchers Matthew Hickey and Will Dormann discovered that the company only fixed the existing remote code execution component in PrintNightmare. This means that threat actors could continue to abuse the local privilege escalation bug related to this flaw to gain SYSTEM access to vulnerable implementations, most of them earlier versions of Windows.
As if that weren’t enough, more independent researchers and security firms have since found that the known exploits for this flaw can be modified so that both attacks succeed on updated versions.
One of the reports mentions that, to bypass the patch and carry out both attacks, all that is needed is for the Windows system policy known as “Point and Print Restrictions” to be enabled, with the option to display a security alert when installing drivers for a new connection disabled.
In this regard, Hickey maintains that the best option to prevent an attack is still to disable the Print Spooler service, which will keep vulnerable Windows system deployments protected until the company announces the release of a functional security patch.
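A defender-side audit of the two conditions described above (Point and Print driver-install alerts suppressed, Print Spooler still running), as an added example that is not part of the original article. The registry path and value names are the ones that back the “Point and Print Restrictions” group policy; they are not given in the article, and the output field names are illustrative.

```powershell
# Added example: report whether this host matches the exposed configuration
# described in the article. Read-only; it changes nothing on the system.
$ErrorActionPreference = 'Stop'

# Registry location written by the "Point and Print Restrictions" group policy.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# 1 = no warning or elevation prompt when installing drivers for a new connection.
$noWarnInstall = Get-PolicyDword -Path $PolicyKey -Name 'NoWarningNoElevationOnInstall'
# 0 or absent = prompt shown when updating drivers; any other value weakens it.
$updatePrompt  = Get-PolicyDword -Path $PolicyKey -Name 'UpdatePromptSettings'

$promptsSuppressed = ($noWarnInstall -eq 1) -or
                     (($null -ne $updatePrompt) -and ($updatePrompt -ne 0))

# Spooler state: the article's recommended mitigation is to disable this service.
$spooler = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
$spoolerActive = ($null -ne $spooler) -and
                 (($spooler.State -eq 'Running') -or ($spooler.StartMode -ne 'Disabled'))

[pscustomobject]@{
    ComputerName                  = $env:COMPUTERNAME
    PolicyKeyPresent              = Test-Path -Path $PolicyKey
    NoWarningNoElevationOnInstall = $noWarnInstall
    UpdatePromptSettings          = $updatePrompt
    DriverPromptsSuppressed       = $promptsSuppressed
    SpoolerState                  = if ($spooler) { $spooler.State } else { 'NotInstalled' }
    SpoolerStartMode              = if ($spooler) { $spooler.StartMode } else { 'NotInstalled' }
    # Exposed = spooler usable AND alerts suppressed, the combination the article describes.
    MatchesBypassConditions       = ($spoolerActive -and $promptsSuppressed)
}

# Mitigation recommended in the article (run separately, elevated):
#   Stop-Service -Name Spooler -Force
#   Set-Service  -Name Spooler -StartupType Disabled
```

Disabling the spooler stops both local and remote printing on the host, so run the audit across the fleet first and prioritise machines where `MatchesBypassConditions` is true.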
Finally, experts recommend avoiding the latest Microsoft update if users have resorted to other mitigation measures against PrintNightmare: “If you are using other security patches, do not apply the Microsoft security patch, as this would modify the ‘localspl.dll’ file, disabling other security measures,” Hickey concludes.