Why you should update to the new PrintNightmare patch to avoid being hacked

Updating to the new patch doesn't guarantee a 100% protection but gives you a boost

Biola Kay
By Biola Kay 3 Min Read
PrintNightmare Patch

Microsoft recently released patches for more versions of Windows PC that were affected by the PrintNightmare bug and those who are yet to get the new patch are already falling victims of ransomware groups.

While updating to the new patches doesn’t guarantee 100% security, it obviously gets you ahead on the safer side of things. The out-of-band patches for Windows systems affected by two critical bugs were tracked as CVE-2021-1675 and CVE-2021-34527.

The company has however advised admins to disable the print spooler service until patches are applied. The first is a remote code execution flaw while the second is a local privilege escalation bug.

“Microsoft identified a security issue that affects all versions of Windows and have expedited a resolution for supported versions of Windows that will automatically be applied to most devices,” it said in an update on Wednesday

- Advertisement -

The company has now released patches for Windows 10 1607 for enterprise customers still on that version, plus Windows Server 2016 and Windows Server 2012.

While installing the security update, users that are not admins are restricted to installing signed print drivers to a print server while admins can install signed and unsigned printer drivers.

Admins also have the option to configure the ‘RestrictDriverInstallationToAdministrators’ registry setting to prevent non-administrators from installing signed printer drivers on a print server.

“Prior to installing the July 6, 2021, and newer Windows Updates containing protections for CVE-2021-34527, the printer operators’ security group could install both signed and unsigned printer drivers on a printer server,” Microsoft notes in an advisory

“After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.”

CISA’s advice for this bug is available here

Will Dormann who is a security researcher further notes that certain registry settings that are meant to mitigate the big don’t prevent local privilege escalation (LCE or remote execution (RCE)

However, via The Register, the creator of the Mimikatz penetrating testing kit, said he has found a way to bypass the patch on systems by using UNC or the Universal Naming Convention (UNC) string, which is used to point to shared files or devices. Reportedly, Microsoft’s patch for CVE-2021-34527 improperly checks remote libraries; it doesn’t check for UNC for pointing to remote files. 

You Might Also Like

Windows 11 continues to get better thanks to these new updates

Microsoft partners with HowLongToBeat while also enhancing the load time of the Xbox app for Windows platform

Microsoft Defender for Individual is now part of Microsoft 365 and you’ll need to subscribe to use it

Is using VPN at your home really necessary?

Microsoft places a compatibility hold on some users to block them from upgrading to Windows 11

TOPIC
Avatar photo
By Biola Kay
Follow:
An avid tech master in the heart of Africa. Kay is a constant tech contributor on Brumpost where he narrates the latest happenings in the tech space within the African continent from an African's point of view. You can learn more about Gadget hacks and How-to Fix your appliances, He also writes about Gadget hacks and How-to Fix your appliances.
Leave a comment
- Advertisement -
- Advertisement -
Global Coronavirus Cases

Confirmed

0

Death

0

More Information:Covid-19 Statistics

THE SUNDAY BYTE

Subscribe to get access to weekly tech industry updates, reports, insiders’ insights, best product Bargains and so much more every Sunday

By signing up, you agree to our Terms of Use and Privacy Policy. You may unsubscribe at any time.
Lost your password?