acm-header
Sign In

Communications of the ACM

Home/News/Microsoft's Emergency Patch Fails to Fix Critical.../Full Text
ACM TechNews

Microsoft's Emergency Patch Fails to Fix Critical 'PrintNightmare' Vulnerability

By Ars Technica
July 9, 2021
Comments
View as: Print Mobile App Share:
A skull and crossbones over a field of data.

It's the biggest deal I've dealt with in a very long time, said Will Dormann, a senior vulnerability analyst at the CERT Coordination Center. Any time there's public exploit code for an unpatched vulnerability that can compromise a Windows domain contr

Credit: Getty Images

Researchers warn a software patch Microsoft issued this week did not fully correct a flaw in all supported versions of the Windows operating system that allows hackers to commandeer infected networks.

The PrintNightmare vulnerability is rooted in bugs in the Windows print spooler, which supports printing functionality in local networks, and which attackers can exploit remotely when print capabilities are exposed online.

Hackers also can use the flaw to escalate system privileges once they have infiltrated a vulnerable network via another bug, hijacking the domain controller.

Mimikatz developer Benjamin Delpy tweeted that exploits could circumvent Microsoft's out-of-band update, which fails to fix vulnerable systems that employ certain settings for the point and print feature.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account