Yesterday Microsoft released an out-of-band patch for the PrintNightmare Zero-day exploit that grants attackers full Remote  Code Execution capabilities on fully patched Windows Print Spooler devices.

It turns out however that the patch, which was released in record time, may be flawed.

Microsoft only fixed the remote code exploit, meaning the flaw could still be used for local privilege escalation. In addition hackers soon discovered that the flaw could still be exploited even remotely.

According to Mimikatz creator Benjamin Delpy, the patch could be bypassed to achieve Remote Code Execution when the Point and Print policy is enabled.

This bypass was confirmed by security researcher Will Dorman.

Currently, security researchers advise that admins keep Print Spooler service disabled until all the issues are fixed.

Read much more detail at BleepingComputer here.

Comments