December 9, 2023

Yesterday, Microsoft has released an out-of-band KB5004945 security update to address the PrintNightmare vulnerability, unfortunately, the patch is incomplete and still allows remote code execution.null

Researchers have demonstrated that it is possible to bypass the emergency patch to achieve remote code execution and local privilege escalation on systems that have installed it.The fix is incomplete and that threat actors and malware can still locally exploit the vulnerability to gain SYSTEM privileges.

The expert Benjamin Delpy, also known for having developed the popular Mimikatz tool, discovered that when the Point and Print policy is enabled, attackers could bypass the patch to achieve Remote Code Execution.

The policy is available under Computer Configuration > Administrative Templates > Printers > Point and Print Restrictions.

Windows have no reason to install the July 6th patch and waiting for the patch they are recommended to disable the Print Spooler.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d