To correct this flaw, Microsoft has released an emergency update for all recent versions of Windows, including Windows 7.
On June 29, several researchers from the company Sangfor mistakenly disclosed their method of exploiting a Windows flaw that they themselves had discovered, called PrintNightmare. The problem is that Microsoft had not yet deployed a patch when they posted their documentation online detailing how the vulnerability could be exploited. The researchers quickly deleted their software test, but the damage was already done: it had ended up on GitHub.
As the name suggests, this flaw is located in the Windows print task manager, called the print spooler. The latter allows you to manage. By exploiting PrintNightmare, an attacker can execute code on a user’s machine. “An attacker could then install programs, view, modify or delete data, or create new accounts with full user rights,” warns Microsoft.
Microsoft partially fixed the flaw
Max Heinemeyer, of computer security firm Darktrace, told the BBC that PrintNightmare is like “a cyber bazooka – it’s relatively easy for criminals to use and can be used to make a huge impact.”
Initially, Microsoft, with the help of several private companies, deployed several measures to prevent the exploitation of this vulnerability. To do so, the spooler was disabled. However, this prevented network users from printing documents. This solution, although temporary, kept the problem from worsening.
Finally, on July 6, Microsoft released a patch to fix this flaw, which is tracked as CVE-2021-34527. Now that it is corrected, users just need to download the update. “We recommend that you install these updates immediately,” the company warns.
However, fixing a vulnerability so quickly means that the patch is not perfect. As BleepingComputer points out, there are still risks: proofs of concept (PoC), concrete validations that the exploit works, still succeed despite the patch. Indeed, a hacker could still gain administrator rights on the system and access a user’s documents. Even so, this must be done from inside the organization, which limits the risk of major attacks, as Cyberwar indicates.
Also, although the patch is available for most versions of Windows, some are not yet covered, such as Windows Server 2016. Users have also reported that, for them, the patch simply does not work.