A Microsoft sign is seen on March 13, 2020, in New York City. Security researchers are still analyzing a patch for a vulnerability in Windows Print Spooler released July 6. (Photo by Jeenah Moon/Getty Images)
Microsoft on Tuesday released an unexpected emergency patch for the so-called PrintNightmare vulnerability affecting the Windows Print Spooler service (CVE-2021-34527), a fix that some security researchers are still assessing.
John Hammond, a senior security researcher at Huntress, reported that his team has validated the new patch on Windows 21H1 Enterprise and found that while it has stopped local privilege escalation, the vulnerability still succeeds on Windows servers. However, Hammond said the “seemingly partial fix” does appear to prevent remote code execution.
According to Microsoft’s most recent update on July 6, updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012. The software maker said security updates for these versions of Windows will be released soon. “So far, we have not seen an all-encompassing patch scenario that prevents local privilege escalation, stops remote code execution, and allows printing,” Hammond said.
Security pros should make the latest Microsoft patch a high priority, recommended Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, who called PrintNightmare a “massive security vulnerability.”
Carson said that if a malicious attacker had an initial foothold on a company network, and the systems were publicly accessible and not patched against PrintNightmare, then the attacker could elevate to a domain admin and fully pwn the entire network with just a few small steps.
“This could lead to a catastrophic security incident such as data theft, financial fraud, or ransomware,” Carson said. “The vulnerability impacts most versions of Windows systems and it is critical to make sure your Windows environment is patched ASAP, especially critical servers and devices.”
Charles Ragland, security engineer at Digital Shadows, said that the patch does not stop an attacker who has already compromised a device from continuing to abuse this vulnerability.
“Microsoft currently recommends that the print spooler service be manually disabled as a workaround until a more comprehensive solution is found,” Ragland said. “This incident is an excellent example of why unused services should be disabled or restricted. With an exploit publicly available and a complete solution not released, organizations should monitor this closely and update as fixes become available.”
For many companies, news of this vulnerability could not have come at a worse time, added ThycoticCentrify’s Carson.
“If you are also a Kaseya customer, then your patching capability is also impacted,” he said. “So, yes, for many companies it’s a real nightmare and one that will keep many CISOs and security teams up at night trying to figure out how to patch all those vulnerable devices and prevent attackers from turning Print Spooler into a domain admin compromise.”
Some parts of this article are sourced from:
www.scmagazine.com