Merely days after Microsoft sounded the alarm on an unpatched security vulnerability within the Home windows Print Spooler service, probably one more zero-day flaw in the identical part has come to gentle, making it the fourth printer-related flaw to be found in current weeks.
“Microsoft Home windows permits for non-admin customers to have the ability to set up printer drivers by way of Level and Print,” CERT Coordination Middle’s Will Dormann said in an advisory revealed Sunday. “Printers put in by way of this method additionally set up queue-specific information, which will be arbitrary libraries to be loaded by the privileged Home windows Print Spooler course of.”
#printnightmare – Episode 4
You recognize what is best than a Legit Kiwi Printer ?
🥝One other Legit Kiwi Printer…👍
No prerequiste in any respect, you even need not signal drivers/bundle🤪 pic.twitter.com/oInb5jm3tE
— 🥝 Benjamin Delpy (@gentilkiwi) July 16, 2021
Particularly, the flaw permits a risk actor to execute arbitrary code with SYSTEM privileges on a weak Home windows machine by connecting to a malicious print server beneath their management.
Whereas there isn’t a resolution to the issue, CERT/CC recommends configuring “PackagePointAndPrintServerList” to forestall the set up of printers from arbitrary servers and blocking outbound SMB visitors on the community boundary, provided that public exploits for the vulnerability make the most of SMB for connectivity to a malicious shared printer.
The brand new problem is simply the newest proof of the fallout after the PrintNightmare flaw by chance grew to become public final month, resulting in the invention of a variety of vulnerabilities affecting the Print Spooler service.