Print Nightmare Patch is incomplete
Yesterday, Microsoft has released an out-of-band KB5004945 security update to address the PrintNightmare vulnerability, unfortunately, the patch is incomplete and still allows remote code execution.null
Researchers have demonstrated that it is possible to bypass the emergency patch to achieve remote code execution and local privilege escalation on systems that have installed it.The fix is incomplete and that threat actors and malware can still locally exploit the vulnerability to gain SYSTEM privileges.
The expert Benjamin Delpy, also known for having developed the popular Mimikatz tool, discovered that when the Point and Print policy is enabled, attackers could bypass the patch to achieve Remote Code Execution.
The policy is available under Computer Configuration > Administrative Templates > Printers > Point and Print Restrictions.
Windows have no reason to install the July 6th patch and waiting for the patch they are recommended to disable the Print Spooler.