The long continuing saga of the PrintNightmare vulnerabilities could finally be coming to an end with the release of an unofficial patch.
While Microsoft did issue a new patch to address the remote code exploitation (RCE) vulnerability, cybersecurity researchers dismissed it as ineffective.
To address the concerns, Mitja Kolsek, co-founder of the 0patch micropatching service, has released a free micropatch that can finally put an end to the PrintNightmare saga.
- Here’s our recommendations for the best small business printers
- We’ve also curated the best inkjet printers
- These are the best laser printers in 2021
PrintNightmare came to light when it was disclosed accidentally by Chinese security researchers who put out a proof-of-concept exploit thinking the vulnerability in Windows Print Spooler had already been patched by Microsoft.
Can of worms
Earlier this week, Benjamin Delpy, creator of popular post exploitation tool Mimikatz, has found a way to exploit the vulnerability in the Windows Print Spooler to enable any user to gain admin privileges on a vulnerable computer.
Breaking down Delpy’s exploit, Kolsek explains that although Windows asks all printer driver packages installed via Point and Print to be signed by a trusted source since 2016, Delpy found a way to include malicious executables outside of the signed package, which would then be run by the Print Spooler service.
Kolsek says this isn’t a trivial issue to fix, since adding signature requirements to queue-specific files is a code-intensive exercise.
“We therefore decided to implement the group policy-based workaround as a micropatch, blocking Point and Print printer driver installation from untrusted servers,” writes Kolsek while putting out his free patch that works on all active Windows releases, namely Windows Server 2008 R2 and above, as well as Windows 7 and above.
- Take a look at our collection of the best all-in-one printers
