November 30, 2023

Microsoft’s most recent Patch release may have resolved the final remains of the PrintNightmare vulnerabilities, but it have impacted users ability to access network printer resources. The vulnerability, identified in June 2021, provides the unwanted ability to initiate remote code executions via the long-plagued Windows Print Spooler.

The latest patch did resolve the current vulnerability, it also introduced a new problem, the inability of some users to access network printers. Network administrators responsible for managing system patching have reported problems ranging from event logs recording error 4098 warnings to missing printer ports to access denied errors preventing use. The reported issues are currently being resolved by rolling back the update.

Microsoft’s latest print spooler-based CVSS article addressed a finding allowing attackers who successfully exploited the vulnerability to execute code with elevated privileges via remote code execution. This escalated privilege would allow the attacker to access and gain unwanted control of the target machine.

Attackers use available exploits, such as web application code vulnerabilities, to install malware designed to download and run CPU-based mining programs. The programs run silently in the background, robbing computing resources and impacting overall usability while using the hijacked resources to illegally mine cryptocurrency.

The post-patch network printing bug has been verified across multiple models and manufacturers. The problem does not appear to impact those users connected to a printer via universal serial bus (USB) connections.

Leave a Reply

%d bloggers like this: