Author Topic: PrintNightmare nightmare  (Read 1228 times)

Offline PerranOak

  • Frequent Contributor
  • **
  • Posts: 481
  • Country: gb
PrintNightmare nightmare
« on: July 09, 2021, 08:57:14 am »
Microsoft have issued a fix for the PrintNightmare vulnerability. However, I see that some people think that this update doesn’t fix it completely.

They advise some rigmarole around “point-to-print” or disabling print spooling.

Are these fixes to the fix necessary for the “ordinary” user?

I can just about cope with disabling the print spooler but that other thing …  :-//

Some light can never be seen!
RJD
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 8014
  • Country: us
    • Personal site
Re: PrintNightmare nightmare
« Reply #1 on: July 09, 2021, 03:48:12 pm »
There was one bodged fix, that only fixed it for the demo code they were provided, but did not fix the real issue.

Then there was a second fix that supposedly fixed everything, but it is not clear if it actually does.

For now just disable print spooler, it is enough to hide the issue. Wait for a couple weeks and let them figure it out for real.
Alex
 
The following users thanked this post: PerranOak

Offline PerranOak

  • Frequent Contributor
  • **
  • Posts: 481
  • Country: gb
Re: PrintNightmare nightmare
« Reply #2 on: July 09, 2021, 04:31:36 pm »
Will do, cheers.
Some light can never be seen!
RJD
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 8014
  • Country: us
    • Personal site
Re: PrintNightmare nightmare
« Reply #3 on: July 09, 2021, 05:38:06 pm »
I just got an email from company's IT that a critical patch would be rolled out today. It does not say that it is for this issue, but realistically you can guess that it is.

So it looks like there is at least some trusted patch. It may be still incomplete one though.

I would still just disable the spooler. Unless you print a lot, it does not really matter.
Alex
 

Offline PerranOak

  • Frequent Contributor
  • **
  • Posts: 481
  • Country: gb
Re: PrintNightmare nightmare
« Reply #4 on: July 10, 2021, 09:24:54 am »
Cheers. It's disabled now and waiting for a "proper" patch!
Some light can never be seen!
RJD
 

Offline PerranOak

  • Frequent Contributor
  • **
  • Posts: 481
  • Country: gb
Re: PrintNightmare nightmare
« Reply #5 on: July 14, 2021, 04:48:46 pm »
Are we still waiting for a final patch?
Some light can never be seen!
RJD
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 8014
  • Country: us
    • Personal site
Re: PrintNightmare nightmare
« Reply #6 on: July 14, 2021, 05:20:05 pm »
I was going to listen to Security Now on a lunch break later today, but reading the podcast notes, I see that Microsoft does not consider some of the issues to be real issues. And Point And Print is involved here somehow.

So the current best recommendation is:
Quote

In other words, apply the out-of-band patch and be sure that the two keys noted above under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsNT\Printers\PointAndPrint
do not exist. If you don’t know you need them, remove them for safety and security.
The options to remove are:
NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
UpdatePromptSettings = 0 (DWORD) or not defined (default setting)

Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.

So if you or some other application did not change anything in the registry, then you are safe with the latest patches. If you have those keys and they are set to 1, then you are vulnerable and this is not going to be fixed.

It is likely that you don't have those keys, but double check to be sure. Especially given that the fixed issue is a local privilege escalation, and the other one is a remote code execution.
Alex
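
Added example, not part of any post in this thread: a PowerShell check for the two Point and Print values named in the reply above, plus the current state of the print spooler service. The key path is written with `Windows NT` (with a space), as it appears in regedit; the function name `Get-PointAndPrintFinding` is made up for this example.

```powershell
# Added example: audit the Point and Print policy values discussed in this thread.
# Read-only; run in a PowerShell window. Nothing here changes the system.
$key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$names = 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings'

function Get-PointAndPrintFinding {   # hypothetical helper name
    param([string]$Path, [string[]]$ValueNames)

    # Returns nothing if the key does not exist, which is the default on most machines.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in $ValueNames) {
        $value = $null
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $value = $props.$name
        }

        if ($null -eq $value)  { $state = 'not defined (default)' }
        elseif ($value -eq 0)  { $state = 'defined as 0 (same as default)' }
        else                   { $state = 'NON-DEFAULT: remove the value or set it to 0' }

        [pscustomobject]@{ Name = $name; Value = $value; State = $state }
    }
}

if (-not (Test-Path -Path $key)) {
    Write-Output "Key not present: $key"
}
Get-PointAndPrintFinding -Path $key -ValueNames $names | Format-Table -AutoSize

# Spooler state: Stopped + Disabled means the interim mitigation is in place.
Get-Service -Name Spooler | Select-Object Name, Status, StartType

# Optional changes, left commented out; they need an elevated prompt.
# Stop-Service -Name Spooler -Force
# Set-Service  -Name Spooler -StartupType Disabled
# Remove-ItemProperty -Path $key -Name $names -ErrorAction SilentlyContinue
```

If both rows report "not defined" or 0 and the latest updates are installed, the machine matches the configuration described in the quoted recommendation.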
 

Offline PerranOak

  • Frequent Contributor
  • **
  • Posts: 481
  • Country: gb
Re: PrintNightmare nightmare
« Reply #7 on: July 15, 2021, 10:27:08 am »
Cheers.

I checked here:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT

but there was no "Printers" sub-structure so I guess I don't have these.

Some websites talk about a "Group Policy" thing but I couldn't find it in regedit.
Some light can never be seen!
RJD
 

Online oPossum

  • Super Contributor
  • ***
  • Posts: 1261
  • Country: us
  • The other white meat.
Re: PrintNightmare nightmare
« Reply #8 on: July 15, 2021, 10:38:44 am »
Quote

Some websites talk about a "Group Policy" thing but I couldn't find it in regedit.

Win-R gpedit.msc
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 8014
  • Country: us
    • Personal site
Re: PrintNightmare nightmare
« Reply #9 on: July 15, 2021, 04:58:41 pm »
The registry keys are sufficient to address the issue. If you don't have them and have latest updates, you are secure.
Alex
 
The following users thanked this post: PerranOak

