Security Cloud Privacy Tech

Microsoft Windows PrinterNightmare Patch Highlight “Unperfect” Security Decisions

The PrinterNightmare vulnerability was patched out-of-band (on an emergency basis) but the patch doesn’t completely address the issue.

Hackers can still easily use this to run their code on your systems if you’re using a feature called “Point and Print” (and a lot of people are). Where does that leave defenders?

More in this short…

Transcript

There’s a vulnerability in all versions of Microsoft Windows called PrinterNightmare that hackers can use to remotely run their code on your systems.

[00:00:08] That’s bad. So bad, that Microsoft issued a rare “out of band” patch to fix the issue.

The problem? The patch doesn’t fix the issue entirely.

[00:00:17] Even with the patch, hackers can still remotely run their code if you’re using a feature called “Point and Print.”

This is a feature that makes it easier for everyday users to install printers without needing to call support.

[00:00:29] Now, teams are faced with a choice. Roll out this patch and turn off this useful feature, wait until a more complete fix is available, or some mixture of the two.

Security—like IT—is a world of imperfect decisions based on incomplete data.

It’s never easy and definitely, never boring.

References