December 9, 2023

Yesterday, Microsoft has released an out-of-band KB5004945 security update to address the PrintNightmare vulnerability, unfortunately, the patch is incomplete and still allows remote code execution.null

Researchers have demonstrated that it is possible to bypass the emergency patch to achieve remote code execution and local privilege escalation on systems that have installed it.The fix is incomplete and that threat actors and malware can still locally exploit the vulnerability to gain SYSTEM privileges.

The expert Benjamin Delpy, also known for having developed the popular Mimikatz tool, discovered that when the Point and Print policy is enabled, attackers could bypass the patch to achieve Remote Code Execution.

The policy is available under Computer Configuration > Administrative Templates > Printers > Point and Print Restrictions.

Windows have no reason to install the July 6th patch and waiting for the patch they are recommended to disable the Print Spooler.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023
%d