Microsoft's Emergency Patch fails to fix PrintNightmare RCE bugs

Microsoft releases a patch, but game-over code execution attacks are still possible

The PrintNightmare vulnerability is not fixed even when Microsoft's emergency patch is installed.

On June 6, the Windows creator Microsoft issued an emergency update to address the flaw disclosed by Hong Kong cybersecurity firm Sangfor. The issue was related to two bugs initially thought to be one flaw and dubbed PrintNightmare by security researchers[1].

Microsoft hurried to create an emergency patch for PrintNightmare, a set of two critical remote code execution (RCE) vulnerabilities in the Windows Print Spooler service that hackers can use to take over a vulnerable system. However, the patch is disappointing, as even more fixes are necessary before all Windows systems affected by the bug are completely protected[2].

Microsoft has expanded its PrintNightmare patches to cover Windows 10 version 1607, Windows Server 2012, and Windows Server 2016. However, that won't be enough: it has come to light that the fix for the remote code execution exploits in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code on affected systems.

Printing mechanism vulnerabilities leave system's security at risk

The Microsoft Windows printing mechanism is at risk because the recent vulnerabilities let attackers gain full control of any environment that has printing enabled. Microsoft took the matter very seriously and didn't wait long to classify the bugs as critical.

However, the patch that should have fixed all the problems only mitigates one of them. Therefore, the door remains wide open for further threats and attacks on any print-related system.

Windows released the security update, which we now know is incomplete, for Windows Servers, and the company said that updates should be installed as soon as possible because the situation is urgent[3].

The guidance states that, in order to secure the system, every user should confirm that the following registry settings are set to 0 (zero) or are not defined. Additionally, every user should configure the RestrictDriverInstallationToAdministrators registry value to prevent non-administrators from installing printer drivers on a print server. Alternatively, disabling the Print Spooler is an option too, even if it is quite a drastic one.
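A read-only audit of the three mitigations described above, as an added example that is not code from the article or from Microsoft. The function name is hypothetical, and the policy key path, the two value names checked for "0 or not defined", and the required value 1 for RestrictDriverInstallationToAdministrators are assumptions, since the article does not state them.

```powershell
# Added example (not from the article). Read-only: changes nothing on the host.
# Assumptions: the policy key path, the two "0 or not defined" value names and
# the required value 1 are not stated in the article.
function Test-PrintSpoolerHardening {   # hypothetical name
    [CmdletBinding()]
    param(
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint',
        [string[]]$ZeroOrAbsent = @('NoWarningNoElevationOnInstall', 'UpdatePromptSettings')
    )

    # A missing key means every value under it is "not defined".
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $rows  = @()

    foreach ($name in $ZeroOrAbsent) {
        $value = if ($props) { $props.$name } else { $null }
        $rows += [pscustomobject]@{
            Check  = $name
            Actual = if ($null -eq $value) { 'not defined' } else { $value }
            Pass   = ($null -eq $value) -or ($value -eq 0)
        }
    }

    # Treated as passing only when explicitly set to 1 (assumed value).
    $restrict = if ($props) { $props.RestrictDriverInstallationToAdministrators } else { $null }
    $rows += [pscustomobject]@{
        Check  = 'RestrictDriverInstallationToAdministrators'
        Actual = if ($null -eq $restrict) { 'not defined' } else { $restrict }
        Pass   = ($restrict -eq 1)
    }

    # Alternative mitigation from the text: Print Spooler stopped and disabled.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $rows += [pscustomobject]@{
        Check  = 'Print Spooler disabled (alternative)'
        Actual = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'service not present' }
        Pass   = (-not $svc) -or ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    }

    $rows
}

Test-PrintSpoolerHardening | Format-Table -AutoSize
```

A host where the spooler row passes does not need the registry rows to pass; otherwise all three registry rows should read True.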

Security issues fail to leave Windows alone

Security threats and bugs seem to follow Windows as more and more updates roll out. With every update, it is important to remember to keep the system fully protected from hackers, spyware, and viruses[4]. Windows 10 offers various ways to help keep the computer safe and to keep sensitive data from getting around.

Enabling the system's firewall and antivirus shouldn't even be a question. It is a must in order to protect your computer from any danger. However, there is more that can be done.

To turn off any tracking of behavior online, users can shut down stalkerware[5]. And of course, in case threatening situations do actually happen, it is smart to create a so-called save point, from which your whole system can be restarted again.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.


References