Microsoft fixes latest PrintNightmare crashes on Windows

The PrintNightmare novel seems to be nearing its end, with Microsoft releasing this Tuesday () another update for Windows and fixing what appears to be the latest loopholes related to an attack category originally discovered in June. Needless to say, of course, the recommendation is to update as soon as possible, both for end users and corporate, so that the openings can no longer be used by cybercriminals.

    Remote printing system is the gateway to new attack against Windows
  • PrintNightmare: failure hits all Windows versions
  • Microsoft Office breach may be more dangerous than it seems

Fixes they are part of the traditional operating system security updates, which arrive monthly on Tuesdays. Previously, in two other patches, the company had already mitigated other vulnerabilities related to PrintNightmare; the last one appeared at the end of July at the hands of researcher Benjamin Delpy, who showed how he would be able to obtain administrator privileges on a machine from a remote server aimed at controlling printers.

More specifically, an operating system directive was used for the expert to execute a malicious DLL file. From there, he had access to a console window, from which he could execute new commands and, if he was a criminal agent, perform the installation of malware and other irregular activities on the computer, all remotely and without even protection applications. able to detect the action.

Want to catch up on the best tech news of the day? Go and subscribe to our new channel on youtube, Canaltech News.

Every day a summary of the main news in the tech world for you!

#printnightmare patch tuesday looks like promising

— 🥝 Benjamin Delpy (@gentilkiwi ) September 79, 79

Delpy himself validated the update released by Microsoft on Tuesday, which causes Defender to block irregular access and alert the user about the attempted intrusion. In addition, according to the expert, the breach-related system guideline itself, coded CVE-79-36958, was also disabled in order to prevent future exploits on systems that are not correctly updated.

However, this same attitude also led to problems in some networks, with social networks already registering reports of users who are no longer able to connect to remote printers after the update. Most of the issues are related to server-based systems, with PC users indicating that everything seems to be working.

The vents known as PrintNightmare were first released in June, accidentally , after a proof of concept of the possible attacks was made public before its time. The project, initially posted on GitHub, was quickly taken down, but not before falling into the wrong hands that of course began to actively exploit the flaw, which has become a weapon in the hands of at least three known cybercriminal groups, including the Conti ransomware gang.

Two rabbits at once

Along with the apparent end of the Print Nightmare drama, this Tuesday’s update also brings mitigations for another vulnerability discovered recently and which has been used mainly in attacks against corporate systems. The hole is in an Internet Explorer system used by Office suite documents to upload content online, which can also be used to run malicious code remotely.

Quick fix comes in good time, after all, even mitigations pointed out by Microsoft do not seem to be enough to solve the problem completely. Reports from security experts, meanwhile, point to cases of malicious exploitation of the opening, using email phishing tactics that, despite being beaten, still prove to be quite effective.

Source: Bleeping Computer

Did you like this article?

Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.

Related Articles

Back to top button