Print Nightmare

For the second time, Microsoft has attempted and failed to patch the PrintNightmare vulnerability. Tracked initially as CVE-2021-1675, and the second RCE as CVE-2021-34527. We warned you about this last week, but a few more details are available now. The original reporter, [Yunhai Zhang] confirms our suspicions, stating on Twitter that “it seems that they just test with the test case in my report”.

CVE-2021-1675 is meant to fix PrintNightmare, but it seems that they just test with the test case in my report, which is more elegant and also more restricted. So, the patch is incomplete. : (

— Yunhai Zhang (@_f0rgetting_) July 1, 2021

Microsoft has now shipped an out-of-band patch to address the problem, with the caveat that it’s known not to be a perfect fix, but should eliminate the RCE element of the vulnerability. Except … if the server in question has the point and print feature installed, it’s probably still vulnerable. And to make it even more interesting, Microsoft says they have already seen this vulnerability getting exploited in the wild. Continue reading “This Week In Security: Print Nightmare Continues, Ransomware Goes Bigger, And ATM Jackpots!” →

Hackaday

1 Articles

This Week In Security: Print Nightmare Continues, Ransomware Goes Bigger, And ATM Jackpots!

Search

Never miss a hack

If you missed it

Java Ring: One Wearable To Rule All Authentications

Static Electricity And The Machines That Make It

Retro Gadgets: Things Your TV No Longer Needs

An Ode To The SAO

Tech In Plain Sight: Zipper Bags

Our Columns

FLOSS Weekly Episode 803: Unconferencing With OggCamp

Retrotechtacular: Another Thing Your TV No Longer Needs

Supercon 2023: Thea Flowers Renders KiCad Projects On The Web

Supercon 2023 – Going Into Deep Logic Waters With The Pico’s PIO And The Pi’s SMI

Hackaday Links: September 29, 2024

Search

Never miss a hack

Subscribe

If you missed it

Our Columns