Cybersecurity researchers had expressed doubts about the efficacy of Microsoft’s recent PrintNightmare patch soon after it was released, and now there are reports of new proof-of-exploit code that circumvents the fix altogether.
PrintNightmare created havoc when it was accidentally disclosed by Chinese security researchers who put out a proof-of-concept exploit thinking the vulnerability in Windows Print Spooler had already been patched by Microsoft, which pushed the company to put out a new patch to address the remote code exploitation (RCE) vulnerability as well.
While security expert Kevin Beaumont believed the new patch didn’t plug the local privilege escalation (LPE) vulnerability in certain editions of Windows such as Windows Server 2012 R2, a new video by another researcher now demonstrates that both RCE and LPE vulnerabilities are still exploitable.
- Here’s our recommendations for the best small business printers
- We've put together a list of the best endpoint protection software
- Check our list of the best firewall apps and services
Patch the patch
Reporting on the findings of Benjamin Delpy, creator of popular post exploitation tool Mimikatz, The Register says that it’s how Microsoft checks for remote libraries in the PrintNightmare patch that offers an opportunity to work around the patch.
"They did not test it for real," Delpy bluntly told The Register, reportedly describing the issue as “weird from Microsoft.”
Microsoft however insists that while they are aware of the claims of the security researchers, and are testing them, they aren’t aware of any bypasses, avoiding answering The Register’s questions related to Delpy’s finding.
"If our investigation identifies additional issues, we will take action as needed to help protect customers," a Microsoft spokesperson told The Register.
- Protect your devices with these best antivirus software