Previously, many information security researchers warned that Microsoft's emergency patch for the dangerous PrintNightmare vulnerability was ineffective and did not eliminate the problem completely.
As a reminder, the experts found that even after the fix is installed, the vulnerability can still be exploited locally to obtain SYSTEM privileges. Worse, Mimikatz developer Benjamin Delpy reported that the patch can be bypassed completely and that the vulnerability can be used not only for local privilege escalation, but also for remote execution of arbitrary code.
For this to work, the Point and Print Restrictions policy must be active, and the "When installing drivers for a new connection" parameter must be set to "Do not show warning or elevation prompt".
Microsoft has now responded to these warnings and reported that the patch works correctly:
Microsoft engineers updated the PrintNightmare remediation guide and still encourage users to install the patches as soon as possible. The guidance now looks like this:
- In any case, apply the patch for CVE-2021-34527 (the update will not change the existing registry settings);
- After applying the update, check the registry settings documented in the CVE-2021-34527 description;
- If the registry keys listed there do not exist, further actions are not required;
- If the registry keys exist, confirm that the following registry values are set to 0 (zero) or are missing:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint: NoWarningNoElevationOnInstall = 0 (DWORD) or not set (default) and UpdatePromptSettings = 0 (DWORD) or not set (default).
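The registry check from the list above can be scripted. The following PowerShell is an added example, not Microsoft's own tooling; the function name `Test-PointAndPrintPolicy` and its output shape are hypothetical, and it assumes both values live under the `PointAndPrint` policy key.

```powershell
# Added example: audits the two Point and Print values named in the guidance.
# Function name and result shape are hypothetical (not from Microsoft).
function Test-PointAndPrintPolicy {
    [CmdletBinding()]
    param(
        # Overridable so the check can be pointed at a constructed test key.
        [string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    )

    $valueNames = 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings'

    # Guidance: if the key does not exist, no further action is required.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return [pscustomobject]@{
            KeyPath = $KeyPath; KeyExists = $false; Findings = @(); Compliant = $true
        }
    }

    $key = Get-Item -LiteralPath $KeyPath
    $findings = foreach ($name in $valueNames) {
        # GetValue returns $null when the value is not set (the default state).
        $data = $key.GetValue($name, $null)
        $kind = if ($null -ne $data) { $key.GetValueKind($name) } else { $null }
        [pscustomobject]@{
            Name = $name
            Data = $data
            Kind = $kind
            # Acceptable states per the guidance: not set, or DWORD 0.
            Ok   = ($null -eq $data) -or ($kind -eq 'DWord' -and $data -eq 0)
        }
    }

    [pscustomobject]@{
        KeyPath   = $KeyPath
        KeyExists = $true
        Findings  = @($findings)
        Compliant = -not ($findings | Where-Object { -not $_.Ok })
    }
}

$result = Test-PointAndPrintPolicy
$result.Findings | Format-Table Name, Data, Kind, Ok -AutoSize
if (-not $result.Compliant) {
    Write-Warning "Point and Print settings on $env:COMPUTERNAME differ from the CVE-2021-34527 guidance"
}
```

Because the policy is normally delivered by Group Policy, a non-compliant result should be corrected in the GPO that sets it rather than only in the local registry.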
However, beyond questions about the effectiveness of the out-of-band patch, other difficulties arose with it. Bleeping Computer reported that the KB5004945 update, designed to fix PrintNightmare, broke printing on some Zebra and Dymo printer models.
After the patch was released, users began complaining en masse on Twitter and Reddit that their Zebra printers had stopped working. According to those affected, the problem occurred only with printers connected directly to Windows devices via USB. Zebra printers connected to a print server were not affected.
It was reported that the bug affected only certain Zebra models, including the most popular: LP 2844, ZT220, ZD410, ZD500, ZD620, ZT230, ZT410 and ZT420.
Zebra developers confirmed that they are aware of the problem. The company advised:
However, the situation was aggravated by the fact that this is a mandatory security update, which means that after some time Windows will automatically install it again.
Interestingly, Microsoft reported that these failures are not associated with CVE-2021-34527 and CVE-2021-1675, but are caused by changes in the preview version of the cumulative update for June 2021. The developers have released emergency patches for Windows 10 2004, Windows 10 20H2 and Windows 10 21H1 to eliminate the bugs.
The fixes are deployed using Microsoft Known Issue Rollback (KIR), which distributes patches for known errors through Windows Update. That is, the patches should reach most users within the next day.