Microsoft emergency patch fails to address major printing vulnerability

It is possible for game code over-execution attacks to occur even after the modifier is installed. Microsoft's emergency patch released on Tuesday failed to completely fix critical vulnerabilities in all supported versions of Windows, allowing attackers to take control of themselves. Infect and execute the code of your choice.

The threat, known as PrintNightmare, is a Windows printer error that allows printing within local area networks. The proof-of-concept exploit law was publicly published and then withdrawn, but before others could copy it. Researchers are tracking this vulnerability as CVE-2021-34527.

Big deal

Attackers who can take advantage of the Internet printing feature are exposed. Attackers can also use it to bolster system privileges, when they use a different vulnerability to get their toes inside a vulnerable network. In both cases, enemies can take control of the domain, which, as a server authenticating local users, is one of the most sensitive assets on any Windows network.

“This is the biggest deal” Will Dorman, Senior Vulnerability Analyst at CERT Coordination Center, a federally funded US nonprofit project that investigates software bugs to improve security with businesses and government “Whenever there has been public abuse code "An unpatched vulnerability could threaten a Windows domain controller, that's bad news," he said, adding.

Microsoft Releases Bandwidth Troubleshooter Microsoft Update explains Tuesday, Microsoft said the update "fully addresses general vulnerabilities." But on Wednesday — 12 hours after release — a researcher showed how his violations can bypass debugging.

“Text strings and file names are hard to get,” Benjamin Delby, hacker and network tool developer Mimikatz and other software, wrote on Twitter.

Strings and filenames are hard to handle New functionality in #mimikatz to normalize filenames (bypass checks with UNC instead of \\ Q Rover \ subscription template) so RCE (and LPE) with #printnightmare on Fully patched server, enabled with Point & Print > zb5GAfWfd

j Benjamin Delpi (gentilkiwi) Jul 7, 2021

Delpy's accompanying tweet was a video showing a hacked use against Windows Server 2019 which installed an out-of-band patch. The demo states that it does not fix updates for vulnerable systems that use special settings for a feature called point and print, making it easier for network users to access required printer drivers. Announcements

Gap Disaster

The latest bug patch is the PrintNightmare vulnerability. Last month, Microsoft fixed the monthly CVE-2021-1675 class, a printing bug that allows hackers with a limited system on a device to increase the manager score. Microsoft attributed the discovery to Zhipeng Huo of Tencent Security, Piotr Madej of Afine, and Yunhai Zhang of Nsfocus.

A few weeks later, two different researchers - Zhiniang Peng and Xuefeng Li of Sangfor - released an analysis of CVE-2021-1675, which showed that it can be used not only to increase scores, but also to achieve the benefit of code execution by distance. The researchers named their interest PrintNightmare. Finally, the researchers found that PrintNightmare used a similar (but ultimately different) vulnerability to CVE-2021-1675. When Zhiniang Peng and Xuefeng Li learned of the confusion, they misused the proof of concept, but by then, their exploitation was already widespread. At least three PoC exploits are currently available to the public, some of which have capabilities beyond the original exploit limit.

Microsoft Troubleshooting protects Windows servers using virtual consoles or Windows 10 devices. Settings. Delpy's demo on Wednesday shows that PrintNightmare works against a wider range of systems, including those that have Point and Print enabled and have the NoWarningNoElevationOnInstall option selected. The researcher carried out the process in mimics.

Documents Required A mechanism that allows Windows administrators to impose stricter restrictions when users use the printer software to be installed.

“Before installing Windows July 6, 2021 and later updates that contain CVE-2021-34527 protection, Microsoft printer operators stated: “The security team can print both signed and unsigned printer drivers. After installing such updates, delegated administrative groups such as printer operators can only install signed printer drivers. To install unsigned printer drivers on the printer server, you need administrator credentials. "

Although the out of scope patch released on Tuesday is flawed, it still provides significant protection against various types of attacks that use print. Spooler vulnerabilities are still unknown. Researchers have reason to say that these systems are at risk, and if they are not changed, Windows users will have to install the patch from June and Tuesday and wait for Microsoft's next instructions. Company representatives did not immediately comment on the post.

Microsoft emergency patch fails to address major printing vulnerability
microsoft-emergency-patch-fails-to-address-major-printing.html Vaccines, reopening and worker rebellion: The great technological row is back in office

Vaccines, reopening and worker rebellion: The great technological row is back in office

CEOs want workers back to their desks. For employees and other virus programs. Across the United States, the leaders of tech giants like Apple, Google..., with the help of Google, squeezes malware, with the help of Google, squeezes malware

With a valid TLS certificate, faux Bravė.com can fool even the most secure of people. Malware that controls browsers and steals sensitive data.

... A privacy battle that Apple isn't fighting

A privacy battle that Apple isn't fighting

There are no browser-level privacy settings that California implements in Safari, iOS.

For at least a decade, privacy advocates have yearned ... Only 3G Kindles started their long and slow death this year

Only 3G Kindles started their long and slow death this year

3G 2021/2022 sunset affects even the eighth generation Kindle (2016).

On Wednesday, Amazon sent out an email notification to customers who pu... Huawei's latest flagship phone has HarmonyOS, Qualcomm SoC and lacks 5G

Huawei's latest flagship phone has HarmonyOS, Qualcomm SoC and lacks 5G

Faced with export bans and chip shortages, Huawei is ignoring what it can find.

Despite facing global chip shortage, US export ban and sharp ... Malicious PyPI packages steal developer data and inject code

Malicious PyPI packages steal developer data and inject code

The researchers warned that you should expect to see more malicious "Frankenstein" packages.

Open source packages estimated to have been down...