CISA Offers New Mitigation for PrintNightmare Bug - silversurfer - 03 July 21
Quote: The U.S. government has stepped in to offer a mitigation for a critical remote code execution (RCE) vulnerability in the Windows Print Spooler service that may not have been fully patched by Microsoft’s initial effort to fix it.
To mitigate the bug, dubbed PrintNightmare, the CERT Coordination Center (CERT/CC) has released a VulNote for CVE-2021-1675 urging system administrators to disable the Windows Print Spooler service in Domain Controllers and systems that do not print, the Cybersecurity Infrastructure and Security Administration (CISA) said in a release Thursday. CERT/CC is part of the Software Engineering Institute, a federally funded research center operated by Carnegie Mellon University.
“While Microsoft has released an update for CVE-2021-1675, it is important to realize that this update does NOT protect Active Directory domain controllers, or systems that have Point and Print configured with the NoWarningNoElevationOnInstall option configured,” CERT/CC researchers wrote in the note.
The mitigation is in response to a scenario that unfolded earlier this week when a proof-of-concept (POC) for PrintNightmare was dropped on GitHub on Tuesday. While it was taken back down within a few hours, the code was copied and remains in circulation on the platform. An attacker can use the POC to exploit the vulnerability to take control of an affected system.
In the meantime, Microsoft Thursday put out a new advisory of its own on PrintNightmare that assigns a new CVE and seems to suggest a new attack vector while attempting to clarify confusion that has arisen over it.
While the company originally addressed CVE-2021-1675 in June’s Patch Tuesday updates as a minor elevation-of-privilege vulnerability, the listing was updated last week after researchers from Tencent and NSFOCUS TIANJI Lab figured out it could be used for RCE.
However, soon after it became clear to many experts that the patch appears to fail against the RCE aspect of the bug—hence CISA’s offer of another mitigation and Microsoft’s update.
Read more: CISA Offers New Mitigation for PrintNightmare Bug | Threatpost
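
The two conditions the quoted CERT/CC statement singles out (domain controllers, and Point and Print configured with NoWarningNoElevationOnInstall) can be checked per host with a read-only audit. This is an added example, not part of the quoted article or of the CERT/CC note; the function name is hypothetical, and the registry path for the Point and Print policy is an assumption that does not appear in the article.

```powershell
# Added example: read-only audit of the conditions named in the CERT/CC quote.
# Test-PrintSpoolerExposure is a hypothetical helper name.
function Test-PrintSpoolerExposure {
    [CmdletBinding()]
    param()

    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $running = [bool]($spooler -and $spooler.Status -eq 'Running')

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDc = $role -ge 4

    # Assumed policy location for Point and Print restrictions (not from the article)
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $noWarn = (Get-ItemProperty -Path $key -Name NoWarningNoElevationOnInstall `
               -ErrorAction SilentlyContinue).NoWarningNoElevationOnInstall
    $noWarnSet = ($noWarn -eq 1)

    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        IsDomainController            = $isDc
        SpoolerStatus                 = if ($spooler) { $spooler.Status } else { 'NotPresent' }
        SpoolerStartType              = if ($spooler) { $spooler.StartType } else { $null }
        NoWarningNoElevationOnInstall = $noWarnSet
        # True when the spooler is running on a host the quote says the
        # June update does not protect
        UpdateNotSufficient           = $running -and ($isDc -or $noWarnSet)
    }
}

Test-PrintSpoolerExposure | Format-List

# Mitigation described in the article, for domain controllers and systems
# that do not print. Left commented out so the audit stays read-only:
# Stop-Service -Name Spooler -Force
# Set-Service  -Name Spooler -StartupType Disabled
```

Run it from an elevated prompt on each host; disabling the service stops both local and remote printing on that machine.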