On Tuesday morning, Microsoft announced the release of a new security update that changes the default behavior of the Point and Print feature in order to fully mitigate the risk of exploitation of the PrintNightmare flaws. The feature was introduced with Windows 2000 and is triggered when a system connects to a print server, from which it downloads and installs the required drivers.
A few weeks ago, security specialist Jacob Baines discovered that malicious hackers within an enterprise network could abuse the Point and Print feature by running a malicious print server and forcing Windows systems to download and install malicious drivers. This was relatively simple because Point and Print ran with SYSTEM user privileges.
The vulnerability was wrongly disclosed, but Baines decided to present his findings at the latest edition of DEF CON, and he also created a tool to test networks potentially vulnerable to PrintNightmare exploitation.
Microsoft tried to fix this issue, tracked as CVE-2021-34481, but it was soon found that the patches released by the company were an incomplete fix. In response, Microsoft decided to change its approach and directly modify the way Point and Print works to prevent the exploitation of these flaws.
Previously, any user could add new devices to the Windows system, including printers, which facilitated the installation of the malicious driver and the consequent exploitation of the flaws. After this security update, only users with administrator privileges will be able to add a new device remotely: “The change takes effect with the installation of updates released on August 10 and will apply to all supported versions of Windows,” the company notes.
As a result, users with low privileges will no longer be able to add new printers or update drivers on the system, although Microsoft believes that this is a fair price to pay in order to eliminate the risk posed by PrintNightmare. Still, the company published a registry key that lets users opt out of this new measure if they choose to, although their systems would then remain exposed to this dangerous flaw.
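To confirm that a host has not been opted out of the new default, the registry value can be audited. The following is an added example, not code from the article or from Microsoft; the key path and value name are assumptions taken from Microsoft's documentation of this change and do not appear in the article, and the function name is hypothetical.

```powershell
# Added example (not Microsoft's code): report whether the Point and Print
# opt-out is set. Key path and value name are assumptions taken from
# Microsoft's documentation of this change; the article does not name them.
function Get-PointAndPrintRestriction {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint',
        [string]$Name = 'RestrictDriverInstallationToAdministrators'
    )

    # A missing key or a missing value both mean "not configured".
    $raw = $null
    if (Test-Path -LiteralPath $Path) {
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $raw = $item.$Name }
    }

    if ($null -eq $raw) {
        # Not configured: the update's default applies (administrators only),
        # provided the August 10 updates are actually installed on this host.
        $state = 'NotConfigured'; $optedOut = $false
    }
    elseif ($raw -eq 1) {
        $state = 'Enforced'; $optedOut = $false
    }
    elseif ($raw -eq 0) {
        # Opt-out: non-administrators can install printer drivers again.
        $state = 'OptedOut'; $optedOut = $true
    }
    else {
        # Anything else is not a documented setting; flag it for review.
        $state = 'Unexpected'; $optedOut = $null
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Value        = $raw
        State        = $state
        OptedOut     = $optedOut
    }
}

$result = Get-PointAndPrintRestriction
$result | Format-List
if ($result.State -in 'OptedOut', 'Unexpected') {
    Write-Warning "Point and Print driver restriction needs review on $($result.ComputerName)."
}
```

A `NotConfigured` result only means the restriction is in force if the August 10 updates are installed, so pair this check with patch-level reporting.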