{"id":2436,"date":"2021-07-08T18:58:53","date_gmt":"2021-07-08T13:28:53","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=2436"},"modified":"2021-07-08T18:58:55","modified_gmt":"2021-07-08T13:28:55","slug":"microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/","title":{"rendered":"Microsoft\u2019s Fails to Fully fix PrintNightmare RCE Vulnerability"},"content":{"rendered":"\n<p>Even though Microsoft scale its patches for the so-called vulnerability i.e. PrintNightmare for Windows 10 version 1607, Windows Server 2016, Windows Server 2012, it has come to light that the fix for the remote code execution accomplishment in the Windows Print Spooler service can be prevented in few scenarios, efficiently defeating the security protections and allowing an attacker to run malicious code on affected systems.<\/p>\n\n\n\n<p>On Tuesday, the Windows creator concerned about an emergency out-of-band update to address CVE-2021-34527 (CVSS score: 8.8) after the error was accidentally discovered by investigators from Hong Kong-based cybersecurity firm Sangfor late last month, at which point it appeared that the issue was different from another error\u2014tracked as CVE-2021-1675 \u2013that was patched by Microsoft on 8th of June.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-medium\"><img decoding=\"async\" loading=\"lazy\" width=\"300\" height=\"206\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Microsofts-Fails-to-Fully-fix-PrintNightmare-RCE-Vulnerability-image1-300x206.jpg\" alt=\"Microsofts-Fails-to-Fully-fix-PrintNightmare-RCE-Vulnerability-image1\" class=\"wp-image-2439\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Microsofts-Fails-to-Fully-fix-PrintNightmare-RCE-Vulnerability-image1-300x206.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Microsofts-Fails-to-Fully-fix-PrintNightmare-RCE-Vulnerability-image1.jpg 728w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What were the Other Security Vulnerabilities were discovered?<\/strong><\/h2>\n\n\n\n<p>Head of the security researcher at Check Point told our experts that \u201cFew days back, two security vulnerabilities were discovered in Microsoft Window\u2019s existing printing mechanism.\u201d These vulnerabilities allow a malicious attacker to gain full control of all the Windows environments that allow printing.<\/p>\n\n\n\n<p>\u201cThese are mostly working stations but, at scenarios, this relates to entire servers that are an essential part of every well-know organizational networks. Microsoft considered these vulnerabilities as sensitive, but when they were posted that they were able to fix only one of them, leaving the door open for accomplishment of the another vulnerability,\u201d Balmas added.<\/p>\n\n\n\n<p>PrintNightmare stems from the errors in the Windows Print Spooler service, which handles the printing procedure inside local networks. The main issue with the threat is that non-administrator users could load their printer drivers. This has now been amended.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What are the Updates Microsoft release for Non-administrator user?<\/strong><\/h2>\n\n\n\n<p>Microsoft added, \u201cAfter installing this update and layer Windows updates, users who are not administrators can only able to install signed&nbsp;print drivers to a print server.\u201d Analyzing the advancements made to stop the risks associated with the error. \u201cAdministrator crucial information will be needed to install unsigned printer drivers on a printer server going forward.\u201d<\/p>\n\n\n\n<p>Publish the update\u2019s release, CERT\/CC vulnerability analyst Will Dormann exhorted that the patch \u201conly comes up to address the Remote Code Execution (RCE via SMB and RPC) variants of the PrintNightmare, and not the Local Privilege Escalation (LPE) variant,\u201d thereby permitting attackers to harm the latter to access SYSTEM privileges on vulnerable systems.<\/p>\n\n\n\n<p>Presently, further testing of the update has discovered that exploits targeting the bugs could avoid the remediations absolutely to achieve both the local privilege escalation and remote code execution. To gain this, however, the Windows Policy called \u201cPoint and Print Restrictions\u201d must be enabled (Computer Configuration\\ Policies\\ Administrative Templates\\ Printers: Point and Print Restrictions), using which malicious printer devices could be probably installed.<\/p>\n\n\n\n<p>On Wednesday Dormann said \u201cNote that the Microsoft update for CVE-2021-34527 does not efficiently avoid exploitation of system where the Point and Print NoWarningNoElevationOnInstall is set to 1.\u201d Microsoft, for its part, explains in its adversary that \u201cPoint and Print is not directly related to this vulnerability, but the technology weakens the local security posture in a way that exploitation will be possible.\u201d<\/p>\n\n\n\n<p>Where Microsoft has approved the nuclear option of stopping and disabling the Print Spooler service, an alternative workaround is to allow security hints for Point and Print and limit printer driver installation privileges to administrators alone by configuring the \u201cRestricDriveInstallationToAdministrators\u201d archives value to avoid regular users from installing printer drivers on a print server. Please message me once right after booking the appointment&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Even though Microsoft scale its patches for the so-called vulnerability i.e. PrintNightmare for Windows 10 version 1607, Windows Server 2016, Windows Server 2012, it has come to light that the fix for the remote code execution accomplishment in the Windows Print Spooler service can be prevented in few scenarios, efficiently defeating the security protections and [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2438,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft\u2019s Fails to Fully fix PrintNightmare RCE Vulnerability - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft\u2019s Fails to Fully fix PrintNightmare RCE Vulnerability - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Even though Microsoft scale its patches for the so-called vulnerability i.e. PrintNightmare for Windows 10 version 1607, Windows Server 2016, Windows Server 2012, it has come to light that the fix for the remote code execution accomplishment in the Windows Print Spooler service can be prevented in few scenarios, efficiently defeating the security protections and [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-08T13:28:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-08T13:28:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Microsofts-Fails-to-Fully-fix-PrintNightmare-RCE-Vulnerability-feature-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Microsoft\u2019s Fails to Fully fix PrintNightmare RCE Vulnerability\",\"datePublished\":\"2021-07-08T13:28:53+00:00\",\"dateModified\":\"2021-07-08T13:28:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/\"},\"wordCount\":590,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/\",\"url\":\"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/\",\"name\":\"Microsoft\u2019s Fails to Fully fix PrintNightmare RCE Vulnerability - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-07-08T13:28:53+00:00\",\"dateModified\":\"2021-07-08T13:28:55+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft\u2019s Fails to Fully fix PrintNightmare RCE Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft\u2019s Fails to Fully fix PrintNightmare RCE Vulnerability - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft\u2019s Fails to Fully fix PrintNightmare RCE Vulnerability - Xiarch Solutions Private Limited","og_description":"Even though Microsoft scale its patches for the so-called vulnerability i.e. PrintNightmare for Windows 10 version 1607, Windows Server 2016, Windows Server 2012, it has come to light that the fix for the remote code execution accomplishment in the Windows Print Spooler service can be prevented in few scenarios, efficiently defeating the security protections and [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-07-08T13:28:53+00:00","article_modified_time":"2021-07-08T13:28:55+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Microsofts-Fails-to-Fully-fix-PrintNightmare-RCE-Vulnerability-feature-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Microsoft\u2019s Fails to Fully fix PrintNightmare RCE Vulnerability","datePublished":"2021-07-08T13:28:53+00:00","dateModified":"2021-07-08T13:28:55+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/"},"wordCount":590,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/","url":"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/","name":"Microsoft\u2019s Fails to Fully fix PrintNightmare RCE Vulnerability - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-07-08T13:28:53+00:00","dateModified":"2021-07-08T13:28:55+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/microsofts-fails-to-fully-fix-printnightmare-rce-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft\u2019s Fails to Fully fix PrintNightmare RCE Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2436"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=2436"}],"version-history":[{"count":2,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2436\/revisions"}],"predecessor-version":[{"id":2442,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2436\/revisions\/2442"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/2438"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=2436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=2436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=2436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}