[ad_1]
An emergency patch the researchers said it does not completely address the critical security vulnerability in all versions of Windows released by Microsoft on Tuesday, which allow attackers to control infected systems and run selected code.
The threat, commonly known as PrintNightmare, Windows a printing spooler that provides local network printing functionality. The code for exploiting the concept was publicly released and then revoked, but not before it was copied by others. Researchers monitor vulnerability as CVE-2021-34527.
Attackers can remotely use their printing skills when they are on the Internet. Attackers can also use it to increase system privileges when they use a different vulnerability to get caught within a vulnerable network. Either way, opponents can take control of the domain controller, which, as a server that authenticates its users, is one of the most secure activities in any Windows network.
“It’s the biggest deal I’ve dealt with in a very long time,” said Will Dormann, chief analyst at the CERT Coordination Center, which investigates federally funded U.S. nonprofit software bugs and works with companies and governments to improve security. “When there’s a code for exploiting an unpatched vulnerability that could jeopardize a Windows domain controller, that’s bad news.”
After seeing the seriousness of the error, Microsoft he posted an out-of-band fixed on Tuesday. Microsoft said the update “completely addresses public vulnerability.” But on Wednesday, just over 12 hours after its publication, a researcher showed how farms could avoid the patch.
“It’s hard to work with strings and filenames,” said Benjamin Delpy, a developer of Mimikatz hacking and network availability and other software. he wrote on Twitter.
Along with Delpy’s tweet video which showed hastily written exploitation while working against a Windows Server 2019 that had an out-of-band patch installed. Demo shows that the update fails to fix weak systems that use certain settings for the function called Point and printfacilitates access to the printer drivers needed by network users.
As of Tuesday, this is buried at the bottom of Microsoft’s advice: “Point and Print does not have a direct link to this vulnerability, but technology weakens the local security stance as exploitation will be possible.”
The incomplete patch is the latest gaffe that brings PrintNightmare weakness. Over the past month, Microsoft’s monthly patch patch has been fixed CVE-2021-1675, a printing spooler error that allows hackers with limited system rights to increase the administrator’s privilege. Microsoft Thanks to Zhipeng Huo of Tancent Security, Piotr Madej of Afine and Yunhai Zhang of Nsfocus for finding and reporting the mistake.
A few weeks later, two researchers — Zhiniang Peng of Zhinfor and Xuefeng Li — published the analysis CVE-2021-1675, which showed that it could be used not only to increase privileges, but also to obtain remote code execution. The researchers named it PrintNightmare.
Eventually, the researchers determined that PrintNightmare exploited a similar (but eventually CVE-2021-1675) vulnerability. Zhiniang Peng and Xuefeng Li exploited proof of the concept when they learned of the mixture, but by then their exploitation was already in wide circulation. At least today the use of proof of the concept is available to the public, with some capabilities that are far more than what the initial exploitation allowed.
Microsoft Repairs protects Windows servers that are configured as domain controllers or as Windows 10 devices that use the default settings. In Delpy’s Wednesday show, PrintNightmare shows that it works against a much wider range of systems, including those that enable Point and Print and select the NoWarningNoElevationOnInstall option. The researcher carried out the operation in Mimikatz.
In addition to trying to close the weakness in code execution, the CVE-2021-34527 fix on Tuesday also installs a new mechanism that allows Windows administrators to implement stronger restrictions when users try to install printer software.
“Prior to the installation of Windows updates and newer protections for CVE-2021-34527 on July 6, 2021, the printer operator security team may install both signed and unsigned printer drivers on the printer server,” a Microsoft consulting stated. “After installing these updates, delegated administrator groups, such as printer operators, can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on the printer server.”
Although the out-of-band patch is incomplete on Tuesday, it provides significant protection against the many types of attacks that exploit the weakness of the print spooler. So far no known case of investigators is said to endanger the system. If that doesn’t change, Windows users should install patches from June and Tuesday and wait for further instructions from Microsoft. Company representatives did not immediately comment on this post.
This story first appeared Ars Technica.
KABEKO Bigger Stories
[ad_2]
Source link
