With the latest security update for August 2021 (see, e.g., Patchday: Windows 10-Updates (August 10, 2021)) Microsoft fixed the PrintNightmare issue so that administrator rights are required for point-and-print printer installation. Admin rights are required after August Update
Microsoft currently recommends disabling the printer spooler service again.
The list of links at the end of the article summarizes blog posts on the topic. In particular, the function called Point-and-Print, which allows users to install printer drivers, can be abused for attacks. However, these attempts have failed so far, and the PrintNightmare vulnerability has been incompletely patched. Microsoft has been trying to fix the PrintNightmare vulnerability through updates since early July 2021 (see the list of links at the end of the article).
This includes installing programs, viewing, modifying or deleting data, or creating new accounts with full user privileges. It is a Remote Code Execution (RCE) vulnerability that could allow an attacker to execute arbitrary code with SYSTEM privileges. In early July 2021, I had reported the CVE-2021-1675 vulnerability in the Windows print spooler in the blog post PoC for Windows print spooler vulnerability public, high RCE risk.
0 kommentar(er)
