Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. Update (9 July): With questions hanging around the effectiveness of Microsoft's latest out-of-band patch for PrintNightmare, the company has posted a clarified guidance on the issue following demonstrations of security researchers bypassing the fix. Although the patch bolstered protection with the added requirement of admin credentials during installation of unsigned printer drivers on print servers, a security researcher and developer reverse engineered a Windows DLL to bypass Microsoft's check for remote libraries and was able to exploit a fully patched server. A hot potato: Microsoft rushed to release a fix for the recently discovered 'PrintNightmare' vulnerability, pushing it as a mandatory security update for several Windows versions.
0 Comments
Leave a Reply. |