Written by Tim Starks
More than a week later, Microsoft is still trying to get rid of its PrintNightmare.
This is the nickname of a bug for which a proof-of-concept exploit was accidentally posted online on June 30. Microsoft on Tuesday released an emergency update for the critical flaw, which affects all versions of the Windows print spooler that manages interactions between computers and printers. . The vulnerability could allow hackers to take control of computers remotely.
But on Thursday, Microsoft had to push back on researchers’ claims that its patch didn’t work.
“Our investigation has shown that the security update works as intended and is effective against known printer spooling exploits and other public reports collectively known as PrintNightmare,” the company wrote. “All of the reports we investigated relied on changing the default registry setting related to Point and Print to an insecure configuration.”
Previously the patch had other issues, such as broken connections with certain brands of printers. Microsoft recognized this problem, and recommended to rollback the patch to fix it.
Microsoft has also been criticized for initially labeling a similar vulnerability as low risk in an earlier update.
The bug was bad enough justify an alert of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security. It also prompted Microsoft to release a security update for Windows 7, which the company ended support for in January 2020.
The vulnerability first emerged when Chinese researchers at Sangfor accidentally released the proof-of-concept code ahead of a scheduled talk at the Black Hat conference in Las Vegas that kicks off this month.
This isn’t the first time Print Spooler has dealt with extended vulnerabilities. Last summer, researchers discovered a denial of service vulnerability that affected versions of Windows as old as Windows 2000.
Comments are closed.