Over a week later, Microsoft is still trying to get rid of its PrintNightmare.
This is the nickname for a bug in a proof-of-concept exploit that was accidentally posted online on June 30th. Microsoft released an emergency update on Tuesday for the critical bug that affects all versions of the Windows print spooler that manages the interactions between computers and printers. The vulnerability could allow hackers to remotely seize computers.
But on Thursday Microsoft had to defend itself against claims by researchers that its patch was not working. “Our research has shown that … the security update is working as planned and is effective against known spooler vulnerabilities and other public reports collectively known as PrintNightmare,” the company wrote. All of the reports we examined were based on the fact that the default registry settings for Point and Print were changed to an insecure config.
The patch was previously experiencing other issues, such as the disconnection of some printers. Microsoft has identified this problem and has recommended rolling back the patch to resolve it. Microsoft has also been criticized for initially describing a similar vulnerability as low risk in an earlier update.
The bug was serious enough to warrant a warning from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and it also prompted Microsoft to release a security update for Windows 7, for which the company discontinued support in January 2020, the proof-of -Concept Code released ahead of a scheduled talk at the Black Hat Conference in Las Vegas starting this month.
This is not the first time Print Spooler has addressed growing vulnerabilities. discovered a denial of service vulnerability affecting versions of Windows as old as Windows 2000.