1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • There's yet another new PrintNightmare hack

    From TechnologyDaily@1337:1/100 to All on Mon Aug 2 13:30:04 2021
    There's yet another new PrintNightmare hack

    Date:
    Mon, 02 Aug 2021 12:24:15 +0000

    Description:
    Researchers continue to uncover new exploits for PrintNightmare vulnerability.

    FULL STORY ======================================================================

    The PrintNightmare vulnerability is living up to its name with another cybersecurity researcher exploiting the bug in a privilege escalation attack.

    PrintNightmare created havoc when it was accidentally disclosed by Chinese security researchers who put out a proof-of-concept exploit thinking the vulnerability in Windows Print Spooler had already been patched by Microsoft, which pushed the company to put out a new patch to address the remote code exploitation (RCE) vulnerability as well.

    Now, Benjamin Delpy, creator of popular post exploitation tool Mimikatz, has found a way to exploit the vulnerability in the Windows Print Spooler to enable any user to gain admin privileges on a vulnerable computer. TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window << These are the best endpoint protection tools Heres our collection of the best business printers Take a look at our collection of the best all-in-one printers

    According to reports, Delpys workaround takes advantage of the fact that Windows doesnt prevent Limited users from installing printer drivers. Furthermore, it wont complain when these drivers are fetched from remote
    print servers, and will then run them with the System privilege level. No end to the abuse

    After issuing an out-of-band update , Microsoft also included the PrintNightmare patch in its July Patch Tuesday .

    Notably, a section of security researchers, including Delpy, had raised concerns about the patch arguing that its how Microsoft checks for remote libraries in the PrintNightmare patch that offers an opportunity to work around the patch.

    In a tweet, Delpy mentioned that PrintNightmare has taught him a lot about printer spooler & drivers (even how to build and sign them).

    Hes put all his learnings into action by demonstrating a proof-of-concept (PoC) that downloads a rogue driver that misuses the latitude its given by Windows to eventually fire up a system prompt even for a user with a limited access account.

    Speaking to Bleeping Computer , Delpy shared that we havent seen the last of Windows print spooler abuse, pointing to a couple of upcoming sessions at DefCon and Black Hat conferences that will share new shortcomings and exploits. Protect your devices with these best antivirus software

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/theres-yet-another-new-printnightmare-hack/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)