Microsoft's Out-of-Band fix for PrintNightmare already bypassed by hackers


Yesterday Microsoft released an out-of-band patch for the PrintNightmare zero-day exploit, which grants attackers full Remote Code Execution capabilities on fully patched Windows devices running the Print Spooler service.

It turns out, however, that the patch, which was released in record time, may be flawed.

Microsoft only fixed the remote code execution exploit, meaning the flaw could still be used for local privilege escalation. In addition, hackers soon discovered that the flaw could still be exploited remotely as well.

According to Mimikatz creator Benjamin Delpy, the patch could be bypassed to achieve Remote Code Execution when the Point and Print policy is enabled.

This bypass was confirmed by security researcher Will Dormann.

Currently, security researchers advise that admins keep the Print Spooler service disabled until all the issues are fixed.

Read much more detail at BleepingComputer.
