The PrinterNightmare vulnerability was patched out-of-band (on an emergency basis) but the patch doesn’t completely address the issue.
Hackers can still easily use this to run their code on your systems if you’re using a feature called “Point and Print” (and a lot of people are). Where does that leave defenders?
More in this short…
Transcript
There’s a vulnerability in all versions of Microsoft Windows called PrinterNightmare that hackers can use to remotely run their code on your systems.
[00:00:08] That’s bad. So bad, that Microsoft issued a rare “out of band” patch to fix the issue.
The problem? The patch doesn’t fix the issue entirely.
[00:00:17] Even with the patch, hackers can still remotely run their code if you’re using a feature called “Point and Print.”
This is a feature that makes it easier for everyday users to install printers without needing to call support.
[00:00:29] Now, teams are faced with a choice. Roll out this patch and turn off this useful feature, wait until a more complete fix is available, or some mixture of the two.
Security—like IT—is a world of imperfect decisions based on incomplete data.
It’s never easy and definitely, never boring.
References
- Brian Krebs has a post on the out-of-band patch, Microsoft Issues Emergency Patch for Windows Flaw
- From BleepingComputer, Microsoft’s incomplete PrintNightmare patch fails to fix vulnerability
- Security Update Guide - Microsoft Security Response Center
- Introduction to Point and Print - Windows drivers | Microsoft Docs
