Skip naar inhoud

PrintNightmare haunts Microsoft as patch may miss mark

Wilt u deze bijdrage aanbevelen? Dat kan via:

Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied
Microsoft released a rare out-of-band patch on 7 July to fix the so-called PrintNightmare vulnerability, but appears to have failed to address some fundamental aspects of the Windows Print Spooler bug, meaning even fully patched systems may still be at risk, according to researchers.

The background to the somewhat confusing saga is thus: Microsoft had first patched CVE-2021-1675, as a relatively low-priority local privilege escalation vulnerability in June’s Patch Tuesday drop, but it came to prominence last week when two Chinese researchers, concerned that rivals were getting the jump on their research, released a proof of concept (PoC) exploit for what they believed was CVE-2021-1675. It was not; in fact, the researchers had exposed a far more dangerous RCE zero-day, CVE-2021-34527, for which no patch was available.

Almost immediately after the patch dropped, security pros said they had found that while the patch addressed the RCE component of PrintNightmare quite nicely, it failed to cover users against LPE in some specific situations – meaning an attacker already on the network could still wreak havoc if they wanted. In effect, the patch seems to be incomplete.

Huntress’s John Hammond said that to date, the firm had not seen a patch scenario that encompassed preventing LPE, preventing RCE, and most crucially for users, allowed them to print normally.

Moreover, the patch does not yet address various Microsoft systems, namely Windows 10 version 1607, Windows Server 2012 and Windows Server 2016. Microsoft said this was an intentional choice.

In a blog post, Redmond said: “Some packages are not quite ready for release. We feel that it is important to provide security updates as quickly as possible for systems we can confidently protect today.”

Regardless of the effectiveness of the patch, users are still best advised to download and apply it, even though this may be somewhat disruptive to security team schedules around the July Patch Tuesday drop, which will happen on 13 July.

Tenable staff research engineer Satnam Narang said PrintNightmare warranted immediate attention because of the ubiquity of Windows Print Spooler, and the prospect attackers could exploit the flaw to take over a domain controller.

“While we do not know with certainty why Microsoft chose to publish this as an out-of-band patch, we suspect the availability of a number of proof-of-concept exploit scripts along with reports of in-the-wild exploitation contributed to this decision,” he said. We expect it will only be a matter of time before it is more broadly incorporated into attacker toolkits.

“PrintNightmare will remain a valuable exploit for cyber criminals as long as there are unpatched systems out there, and as we know, unpatched vulnerabilities have a long shelf life for attackers.

“Now that Microsoft has released patches, organisations are strongly encouraged to apply the patches as soon as possible, especially as attackers incorporate readily available PoC exploit scripts into their toolkits,” Narang told Computer Weekly in emailed comments.

Tim Mackey, principal security strategist at the Synopsys CyRC (Cybersecurity Research Centre), agreed: “Whenever there is a new security disclosure, it should be assumed that knowledge of how to exploit the weaknesses in the disclosure is known.

“It should also be understood that once information is published online that it will be cloned or copied by someone else. PoCs of exploitable security issues are commonly posted after the security disclosure and associated patches are made public.

“Publication is a normal process because those details might allow other security researchers to identify other paths to exploitation that might also need patching. For users, the best thing they can do to avoid falling victim is to patch their Windows systems promptly,” he said.

Lees ook:

Help een jongere zijn studie door, doneer nu je oude laptop.

Het zal u vast nog niet ontgaan zijn, maar door de hoge inflatie is alles duurder geworden. In sommige gevallen zelfs te duur, zoals een nieuwe laptop voor een studie.

Wat wil en wenst de ontwikkelaar?

In een krappe ict-arbeidsmarkt is het voor werkgevers interessant te weten wat er onder ontwikkelaars leeft. Bedrijven die de juiste tools bieden, hebben een streepje voor. Een internationaal onderzoek onder ruim zeventigduizend ontwikkelaars uit de Stack Overflow-community geeft inzicht in de trends. Dit rapport is bij recruiters dan ook niet onopgemerkt gebleven. Ze krijgen zo een beeld van hoe developers leren en meer kennis vergaren, welke tools ze gebruiken en waaraan ze behoefte hebben.

TNO: Europa kan tech-overmacht VS en China doorbreken

Zet vol in op de ontwikkeling van 6G, maak Gaia-X volwassen, loop voorop met edge computing en omarm open technologie. Dit zijn enkele aanbevelingen van TNO om in Europa de overheersing van Big Tech en Chinese (5G-)bedrijven te doorbreken.

Subpostmaster campaigning forces government to set up compensation scheme and make interim payments

Subpostmaster campaign group is a step closer to achieving what it was originally set up to do as government launches compensation scheme for its members who did not receive fair payouts

Advies: wacht met 3,5 GHz tot Inmarsat weg is

Het duurt waarschijnlijk tot eind 2023 voordat de 3,5-GHz-frequentieband beschikbaar komt voor openbare mobiele-communicatiediensten. Er is weliswaar veel vraag naar extra frequentieruimte, maar op de daarvoor afgesproken 3,5-GHz-band kan dat storen met noodoproepen van de lucht- en zeevaart. Het ministerie krijgt het advies te wachten totdat satellietbedrijf Inmarsat is verhuisd van het Friese Burum naar Griekenland.

Na sase komt sse (security service edge)

Security service edge (sse) is de evolutie van het sase-framework van Gartner. Door de letter ‘A’ (voor ’access) te verwijderen, wordt duidelijk dat het netwerk niet langer wordt beschouwd als onderdeel van een beveiligingsoplossing. Het is slechts het mechanisme dat de datastromen naar het security- en controleplatform transporteert.

Wilt u deze bijdrage aanbevelen? Dat kan via:

Klaar voor de beste oplossing voor uw IT & ICT-situatie?

Ik heb mijn wachtwoord gewijzigd in “onjuist.” Dus wanneer ik vergeet wat het is, zal de computer zeggen: “Uw wachtwoord is onjuist.”