Microsoft's emergency PrintNightmare patch doesn't actually fix the issue at all

Scammers
(Image credit: Pixabay)

Cybersecurity researchers had expressed doubts about the efficacy of Microsoft’s recent PrintNightmare patch soon after it was released, and now there are reports of new proof-of-exploit code that circumvents the fix altogether.

PrintNightmare created havoc when it was accidentally disclosed by Chinese security researchers who put out a proof-of-concept exploit thinking the vulnerability in Windows Print Spooler had already been patched by Microsoft, which pushed the company to put out a new patch to address the remote code exploitation (RCE) vulnerability as well.

While security expert Kevin Beaumont believed the new patch didn’t plug the local privilege escalation (LPE) vulnerability in certain editions of Windows such as Windows Server 2012 R2, a new video by another researcher now demonstrates that both RCE and LPE vulnerabilities are still exploitable.

Patch the patch

Reporting on the findings of Benjamin Delpy, creator of popular post exploitation tool Mimikatz, The Register says that it’s how Microsoft checks for remote libraries in the PrintNightmare patch that offers an opportunity to work around the patch.

"They did not test it for real," Delpy bluntly told The Register, reportedly describing the issue as “weird from Microsoft.”

Microsoft however insists that while they are aware of the claims of the security researchers, and are testing them, they aren’t aware of any bypasses, avoiding answering The Register’s questions related to Delpy’s finding.

"If our investigation identifies additional issues, we will take action as needed to help protect customers," a Microsoft spokesperson told The Register.

TOPICS
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.