Microsoft declara que el parche Printnightmare funciona correctamente

Patch for Printnightmare

Previamente, many IS researchers prevenido that Microsoft’s emergency patch for a dangerous Printnightmare vulnerability was ineffective and that it did not eliminate the problem completely.

Let me remind you that the experts found that even after installing the correction, vulnerability can still be operated locally to obtain System privileges. Peor, the developer Mimikatz Benjamin Delp reportado that the patch can be completely bypassed and that the vulnerability can be used not only for local privileges, sino también para la ejecución remota de código arbitrario.

Para hacer esto, the Point and Print RESTRICTIONS policy should be active, y el «WHEN INSTALLING DRIVERS FOR A NEW CONNECTION» parameter must be set to «Do Not Show Warning On Elevation Prompt».

Now Microsoft responded to these warnings and reported that the patch works correctly:

Our investigation has shown that unscheduled security update is working properly and effectively against famous exploits and other public reports that are combined as Printnightmare. All reports we studied were based on changing the default registry settings associated with the Point and Print function, on an unsafe configuration.la empresa dijo.

ingenieros de microsoft actualizado Printnightmare Problem Correction Guide and still encourage users to install patches as soon as possible. Now the manual looks like this:

En todo caso, apply the patch for CVE-2021-34527 (update will not change the existing registry settings);

  • After applying the update, check the registry settings documented in the CVE-2021-34527 description;
  • If the registry keys listed there do not exist, further actions are not required;
  • If the registry keys exist, it is necessary to confirm that the following registry keys are set to 0 (cero) or they are missing:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrintNoWarningNoElevationOnInstall = 0 (DWORD) or not set (por defecto) and UpdatePromptSettings = 0 (DWORD) or not set (por defecto).

Sin embargo, in addition to the effectiveness of an unscheduled patch, other difficulties arose with it. El Computadora que suena media reported that the KB5004945 update, designed to eliminate Printnightmare, violated work of some models of Zebra and Dymo printers.

After the release of the patch, users started massively complaining on Twitter and on Reddit that the work of Zebra printers has become impossible. According to the victims, the problem affected only printers directly connected to Windows devices via USB. Zebra printers connected to the print server have not been injured.

We have about 1,000 clients using Zebra printers, and they called us repetitively because they cannot print. Surely this update is responsible for it, because after its rollback [printer] again spits [labels].writes one of the users.

It was reported that the bug affected only certain Zebra models, including the most popular: LP 2844, ZT220, ZD410, ZD500, ZD620, ZT230, ZT410 and ZT420.

Zebra developers confirmed that they know about the problem. The company advised:

Immediate way to solve the problem is to delete the update KB5004945 for Windows or delete the appropriate printer driver and reuse it using the administrator credentials.

Sin embargo, the situation was aggravated by the fact that it is a mandatory security update, which means, después de algún tiempo, Windows will automatically set it again.

Curiosamente, Microsoft reported that these failures are not associated with CVE-2021-34527 y CVE-2021-1675, but caused by changes in the preview version of the cumulative update for June 2021. Developers have released emergency patches for Windows 10 2004, Windows 10 20H2 and Windows 10 21H1 to eliminate bugs.

After installing the updates of KB5003690 or later (including additional updates to KB500476 and KB5004945), you could have problems with printing on certain printers. The most vulnerable devices are printers for printing checks and labels that are connected via USB.Microsoft wrote.

Fixes are deployed using Microsoft Known Issue Rollback (KIR), which distributes patches for known errors through Windows Update. Eso es, patches should get to most users in the next day.

Por Vladimir Krasnogolovy

Vladimir es un especialista técnico al que le encanta dar consejos y sugerencias cualificados sobre los productos de GridinSoft. Está disponible las 24 horas del día, los 7 días de la semana para ayudarte con cualquier pregunta relacionada con la seguridad en Internet.

Dejar un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *