Just days after Microsoft sounded the alarm about an unpatched security vulnerability in the Windows Print Spooler service, what may be yet another zero-day flaw in the same component has emerged, making it the fourth printer-related flaw to be discovered in recent weeks.
“Microsoft Windows allows non-administrator users to install printer drivers through Point and Print,” said Will Dormann, of the CERT Coordination Center, in a notice published on Sunday. “Printers installed using this technique also install queue specific files, which can be arbitrary libraries to be loaded by the privileged Windows print spooler process.”
An exploit for the vulnerability was disclosed by Benjamin Delpy, security researcher and creator of Mimikatz.
#nightmare print – Episode 4
Do you know what’s better than a legitimate Kiwi printer?
🥝Another legit Kiwi printer … 👍No prerequisites at all, you don’t even need to sign the drivers / package pic.twitter.com/oInb5jm3tE
– 🥝 Benjamin Delpy (@gentilkiwi) July 16, 2021
Specifically, the flaw allows a malicious actor to execute arbitrary code with SYSTEM privileges on a vulnerable Windows machine by connecting to a malicious print server under their control.
Although there is no solution to the problem, CERT/CC recommends configuring “PackagePointAndPrintServerList” to prevent the installation of printers from arbitrary servers and blocking outgoing SMB traffic at the network border, since public exploits for the vulnerability use SMB for connectivity to a shared printer.
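The following PowerShell audit is an added example, not code from CERT/CC or Microsoft; it reports whether the approved-server restriction is active on a machine and which servers it allows. It assumes the registry location written by the "Package Point and Print - Approved servers" Group Policy, and the host-firewall check is only a local stand-in for the border rule described above.

```powershell
# Added example: audit the two mitigations on the local machine.
# Assumption: registry location used by the "Package Point and Print -
# Approved servers" Group Policy; confirm it against your own GPO before relying on it.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint'
$listKey   = Join-Path $policyKey 'ListOfServers'

function Get-ApprovedPrintServerPolicy {
    # DWORD 1 means package Point and Print is limited to the approved list.
    $enabled = (Get-ItemProperty -Path $policyKey -Name 'PackagePointAndPrintServerList' `
                -ErrorAction SilentlyContinue).PackagePointAndPrintServerList
    $servers = @()
    if (Test-Path $listKey) {
        # Read the data of every value so the result does not depend on value naming.
        $key = Get-Item $listKey
        $servers = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
    }
    [pscustomobject]@{ Restricted = ($enabled -eq 1); Servers = $servers }
}

function Test-OutboundSmbBlocked {
    # True if an enabled outbound Block rule explicitly covers remote TCP port 445.
    $rules = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True `
             -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and $filter.RemotePort -contains '445') {
            return $true
        }
    }
    return $false
}

$policy = Get-ApprovedPrintServerPolicy
if (-not $policy.Restricted) {
    Write-Warning 'PackagePointAndPrintServerList is not enabled: printers can be installed from arbitrary servers.'
} elseif ($policy.Servers.Count -eq 0) {
    Write-Warning 'PackagePointAndPrintServerList is enabled but no approved servers are listed.'
} else {
    Write-Output ('Approved print servers: ' + ($policy.Servers -join ', '))
}
if (-not (Test-OutboundSmbBlocked)) {
    Write-Warning 'No local outbound block rule for TCP 445; confirm SMB is blocked at the network border.'
}
```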
The new issue is only the latest evidence of the fallout following the accidental publication of the PrintNightmare flaw last month, leading to the discovery of a number of vulnerabilities affecting the Print Spooler service.
Given the lack of details regarding CVE-2021-34481 – the local elevation of privilege (LPE) flaw reported by security researcher Jacob Baines – it is not immediately clear what connection, if any, that vulnerability and this new Print Spooler signature verification bypass, which also allows LPE, may have with each other.
We have contacted Microsoft for further clarification and will update the story once we receive a response.