Geeks for your information
New Windows PrintNightmare zero-days get free unofficial patch - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: New Windows PrintNightmare zero-days get free unofficial patch (/showthread.php?tid=15803)



New Windows PrintNightmare zero-days get free unofficial patch - silversurfer - 06 August 21

Quote:A free unofficial patch has been released to protect Windows users from all new PrintNightmare zero-day vulnerabilities discovered since June.

Technical details and a proof-of-concept (PoC) exploit for a new Windows print spooler vulnerability named 'PrintNightmare'  (CVE-2021-34527) was accidentally disclosed in June.
Quote:Mitja Kolsek, co-founder of the 0patch micropatching service, has released a free micropatch that can be used to fix all known PrintNightmare vulnerabilities.
 
"We therefore decided to implement the group policy-based workaround as a micropatch, blocking Point and Print printer driver installation from untrusted servers. This workaround employs Group Policy settings: the "Only use Package Point and Print" first requires every printer driver is in form of a signed package, while the "Package Point and print - Approved servers" limits the set of servers from which printer driver packages are allowed to be installed." Kolsek explains in a blog post.

Read more: New Windows PrintNightmare zero-days get free unofficial patch