Microsoft makes second attempt to fix PrintNightmare flaw

The Patch Tuesday fix is included among updates for 117 separate flaws, including four vulnerabilities that are under attack

Microsoft has made renewed efforts to fix the notorious Print Spooler remote code execution vulnerability in its latest wave of Patch Tuesday updates after the first attempt only provided a partial fix.

Emergency efforts to fix the vulnerability tracked as CVE-2021-34527 last week fell short after researchers discovered that it could still be exploited if targeted machines have the ‘point and print’ feature enabled. 

This vulnerability is among 117 flaws to have been patched in the latest wave of Patch Tuesday updates, and among four now-patched flaws that are under attack. The other three are CVE-2021-31979 and CVE-2021-33771, which are both privilege escalation flaws in the Windows Kernel, and CVE-2021-34448, which is a scripting engine memory corruption flaw.

Of the 117, 13 are rated as critical, while 103 are rated important. In addition to the four previously mentioned, there are five more zero-day vulnerabilities that Microsoft has fixed, which haven’t yet been targeted.

The renewed efforts to fix PrintNightmare is welcome news for businesses anxious about being targeted, particularly given the shambolic nature in which it was disclosed and the way that Microsoft had initially failed to fix it. 

Earlier this month, researchers with Sangfor inadvertently published an exploit for the previously unknown flaw, now commonly referred to as PrintNightmare, in an unfortunate case of mistaken identity. 

Microsoft had previously fixed a Print Spooler privilege escalation flaw in an early June wave of Patch Tuesday updates, tracked as CVE-2021-1675. The firm subsequently upgraded this from privilege escalation to remote code execution on 23 June.

The researchers, who were separately probing Print Spooler bugs, then released the proof-of-concept exploitation for a remote code execution flaw - believing it to be the same one that Microsoft had patched. It was, however, the exploit for an entirely different flaw that hadn’t been disclosed.

Related Resource

Aberdeen Report: How a platform approach to security monitoring initiatives adds value

Integration, orchestration, analytics, automation, and the need for speed

White text against a pink-red background - whitepaper from IBMDownload now

Although the researchers swiftly took down their work, the exploit code was downloaded and republished elsewhere, with attackers then using it to target systems in recorded attacks, according to Microsoft. 

Microsoft then attempted to fix the flaw last week, although researcher Benjamin Delpy found he could still demonstrate exploitation on a Windows Server 2019 deployment with point and print enabled.

This is a tool that makes it easier for users within a network to obtain the printer drivers and queue documents to print. Although it isn’t directly related to the flaw, Microsoft acknowledged that the technology “weakens the local security posture in such a way that exploitation will be possible”. 

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021