Windows 10 update toughens security around Point and Print
Date:
Wed, 11 Aug 2021 09:35:37 +0000
Description:
Fallout from PrintNightmare vulnerability has given Microsoft the opportunity to fix a long-standing privilege issue.
FULL STORY ======================================================================
Microsoft has fine tuned the default printer driver installation and update behavior to mitigate vulnerabilities in the Windows Print Spooler service
that came to the fore with the PrintNightmare vulnerability.
The security update is designed to change the default Windows behavior, which debuted with Windows 2000 to enable users to connect to a print server to download and install necessary printer drivers.
Known as Point and Print, cybersecurity researchers recently demonstrated
that the feature could be used to run a malicious print server and force Windows systems to download and install malicious drivers. TechRadar needs you!
We're looking at how our readers use VPNs with streaming sites like Netflix
so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
Click here to start the survey in a new window << Take a look at our collection of the best all-in-one printers These are the best endpoint protection tools Check our list of the best firewall apps and services
Our investigation into several vulnerabilities collectively referred to as PrintNightmare has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks. Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges, shared the Microsoft Security Response Center
(MSRC) team. Fixing privileges
Following the disclosure of the vulnerability , tracked as CVE-2021-34481, Microsofts initial attempts to fix it were deemed incomplete.
Acknowledging that the vulnerability takes advantage of what can be described as a design flaw, Microsoft has now tweaked the default behavior to prevent users without administrator privileges from adding or updating printers.
Microsoft says that the change in policy will impact use cases that relied on regular Windows users to add and modify printers. However, in light of the fact that this vulnerability can be exploited Microsoft stresses that the security risk justifies this change despite the inconvenience it may cause.
That said, Microsoft has given users the option to manually override the new security policy with a registry key. Heres our recommendations for the best small business printers
Via The Record
======================================================================
Link to news story:
https://www.techradar.com/news/windows-10-update-toughens-security-around-poin t-and-print/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)