by Nathan Ord — Monday, July 19, 2021

Another Print Spooler Vulnerability Becomes The Latest Windows 10 Security Nuisance


After the PrintNightmare vulnerability was found, the Windows Print Spooler and printer drivers were under the microscope. Now, yet another Print Spooler vulnerability has been discovered, allowing for code execution with SYSTEM privileges.

First disclosed yesterday, the new print spooler vulnerability was uncovered by researchers at Carnegie Mellon University. It stems from Windows allowing non-admin users to install printer drivers through a feature called “Point and Print.” However, Microsoft “requires that printers installable via Point are either signed by a WHQL release signature or are signed by a certificate that is explicitly trusted by the target system.”

Want to test #printnightmare (ep 4.x) user-to-system as a service?🥝
(POC only, will write a log file to system32)

connect to \\https://t.co/6Pk2UnOXaG with
- user: .\gentilguest
- password: password

Open 'Kiwi Legit Printer - x64', then 'Kiwi Legit Printer - x64 (another one)' pic.twitter.com/zHX3aq9PpM

— 🥝 Benjamin Delpy (@gentilkiwi) July 17, 2021

The problem arises from Windows printer drivers, which can designate queue-specific files associated with the use of the printer. These files do not have any signature requirements and can be copied to a system through the Point and Print driver installation, where they can then be used with SYSTEM privileges. What is concerning about this is that there is no “practical solution to this problem,” and an exploit is available online on Twitter, as shown above.

At present, the researchers suggest disabling outbound SMB traffic at the edge of your network to prevent connections to malicious SMB printers outside of it. Furthermore, administrators can configure the “Package Point and Print - Approved servers” Group Policy that “can restrict which servers can be used by non-administrative users to install printers via Point and Print.” However, without an actual fix or mitigation, Microsoft will hopefully push a patch shortly to fix this and other issues properly, as these vulnerabilities just keep printing out.
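
One way to audit both suggestions on a Windows client, as an added example that is not from the article, the researchers, or Microsoft. It assumes the “Package Point and Print - Approved servers” policy is stored under the registry path shown in the code, and `smbtest.example.net` is a placeholder for an external host you control.

```powershell
# Added example. Assumption: the policy lives under this registry path and uses
# these value names; confirm against your own GPO before relying on the result.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint'

function Get-ApprovedPrintServerPolicy {
    param([string]$Path = $PolicyKey)
    $enforced = $false
    $servers  = @()
    if (Test-Path -Path $Path) {
        $props    = Get-ItemProperty -Path $Path
        $enforced = ($props.PackagePointAndPrintServerList -eq 1)
        $listKey  = Join-Path -Path $Path -ChildPath 'ListofServers'
        if (Test-Path -Path $listKey) {
            $key     = Get-Item -Path $listKey
            $servers = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
        }
    }
    # Not enforced, or enforced with an empty list, both deserve a closer look.
    $needsReview = (-not $enforced) -or ($servers.Count -eq 0)
    [pscustomobject]@{
        ServerListEnforced = $enforced
        ApprovedServers    = $servers
        NeedsReview        = $needsReview
    }
}

function Test-OutboundSmbBlocked {
    # Returns $true only if neither SMB port is reachable on the external host.
    param([Parameter(Mandatory)][string]$ExternalHost)
    $blocked = $true
    foreach ($port in 445, 139) {
        $r = Test-NetConnection -ComputerName $ExternalHost -Port $port -WarningAction SilentlyContinue
        if ($r.TcpTestSucceeded) { $blocked = $false }
    }
    $blocked
}

Get-ApprovedPrintServerPolicy | Format-List
# Placeholder host: replace with an Internet-facing machine you control.
"Outbound SMB blocked at edge: $(Test-OutboundSmbBlocked -ExternalHost 'smbtest.example.net')"
```

The edge check is only meaningful if the external host actually listens on the SMB ports; an unreachable or closed host also reports as blocked.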