In September's Patch Tuesday release, Microsoft fixed the latest PrintNightmare vulnerability. Exploiting this flaw made it possible to modify Windows devices remotely.

Each month, Microsoft publishes a batch of security updates on "Patch Tuesday". Routine as it is, the September 14 release was particularly anticipated, and for good reason: the publisher of Windows has finally put an end to the summer's dark soap opera, that of the PrintNightmare vulnerabilities (literally, the printing nightmare).

At the end of June, researchers from a Chinese company, worried about losing the exclusivity of their work, published details of their method of exploiting a vulnerability. Named PrintNightmare by them, it affected the Windows print spooler, the program in charge of formatting and transferring data to printers. Concretely, it allowed an attacker to quickly access the Windows Active Directory, a sort of system control tower, as an administrator. All remotely. With that level of control, attackers can initiate all kinds of malicious acts.

The trio of researchers thought they were presenting a proof of concept for an already fixed vulnerability, but it was actually a hitherto unknown flaw. The post was pulled within hours, but the damage was done: cybercriminals were already exchanging details of the vulnerability.





The summer soap opera ends

Faced with an unexpected situation, Microsoft first published workarounds to temporarily prevent exploitation of the vulnerability. Although easy to implement, these mitigations complicated or even completely prevented the use of printers. Above all, they were only a temporary band-aid pending the release of a fix. The latter arrived 10 days after publication, on July 8, in an emergency patch.

The problem: the same day, the French researcher Benjamin Delpy noted that the changes introduced by the patch could be easily bypassed, and that PrintNightmare remained exploitable. This misstep would not be entirely made up for over the summer. Worse, other vulnerabilities in other Windows printing features were added to PrintNightmare, which became the umbrella term for all of them.

PrintNightmare is fixed, for good this time

Once the patch had failed, it was only a matter of time before various gangs exploited the vulnerabilities to spread their ransomware. The Vice Society, Magniber and Conti groups added PrintNightmare to their arsenal and combined it with other vulnerabilities to carry out their attacks.

The September 14 patch corrects the vulnerability that started the soap opera, tracked under the identifier CVE-2021-36958. For good this time, it seems. Asked by BleepingComputer, Benjamin Delpy confirmed that his exploitation method no longer works.
