
PrintNightmare isn’t over, as Windows is hit with another printing vulnerability

The vulnerabilities in the Windows Print Spooler service just won’t end for Microsoft. Despite a recent patch, a cybersecurity researcher has managed to exploit a new bug in the spooler — showing how someone with bad intent can gain administrative privileges in Windows by using a custom print server.

The new vulnerability works only in a specific situation but is still concerning since it’s not patched. Security researcher Benjamin Delpy showcased the inner workings of the vulnerability on his Twitter. This involves using a specific custom print server to install a specially created print driver that can run at the system-privilege level. This can allow non-admin users to open a command prompt with elevated privileges. You can see this in action in this video, as tested by Bleeping Computer, which first reported on the vulnerability.

Demonstration of remote PrintNightmare driver open a SYSTEM command prompt

Since the vulnerability is not patched, the easiest way to prevent exploitation is to disable the Windows Print Spooler entirely. However, an advisory posted online describes other methods. These are more complex and involve blocking remote traffic and restricting Point and Print functionality via the Group Policy editor. With that restriction in place, non-admin users can only install print drivers from an approved list, but permitted print servers can still be injected with bad drivers.
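The two host-side mitigations described above can be checked with a read-only audit. The PowerShell below is an added example, not code from the advisory or from this article; the function names are hypothetical, and it assumes the approved-server restriction is deployed through the "Package Point and print - Approved servers" Group Policy setting and its usual registry values.

```powershell
# Added example: read-only audit of the mitigations named in the article.
# Assumption: the value names below are the ones written by the
# "Package Point and print - Approved servers" Group Policy setting;
# confirm them against your own policy baseline before relying on the result.
$PrintersPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'

function Get-ApprovedPrintServers {
    # Approved servers are stored as values under the ListofServers subkey.
    $key = Get-Item -Path "$PrintersPolicy\PackagePointAndPrint\ListofServers" `
                    -ErrorAction SilentlyContinue
    if ($null -eq $key) { return @() }
    @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
}

function Get-PrintSpoolerExposure {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $pkg = Get-ItemProperty -Path "$PrintersPolicy\PackagePointAndPrint" `
                            -ErrorAction SilentlyContinue
    $servers = Get-ApprovedPrintServers

    # Mitigation 1: spooler stopped and set to Disabled (or not present).
    $spoolerOff = ($null -eq $svc) -or
                  ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
    # Mitigation 2: driver installs limited to an approved server list.
    $listOn = ($null -ne $pkg) -and ($pkg.PackagePointAndPrintServerList -eq 1)

    [pscustomobject]@{
        SpoolerState        = if ($svc) { "$($svc.State)/$($svc.StartMode)" } else { 'absent' }
        SpoolerDisabled     = $spoolerOff
        ApprovedListEnabled = $listOn
        ApprovedServers     = $servers
        # Neither mitigation applies: spooler is usable and any server is allowed.
        Exposed             = (-not $spoolerOff) -and (-not $listOn)
        # The list is in force, so each server on it is still trusted to
        # supply drivers and should be reviewed.
        ReviewServers       = (-not $spoolerOff) -and $listOn
    }
}

Get-PrintSpoolerExposure | Format-List
```

A `ReviewServers` result of `True` reflects the caveat above: the approved list narrows where drivers can come from, but every server on it must itself be trusted.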

It doesn’t seem like there’s going to be an end to PrintNightmare vulnerabilities anytime soon. Microsoft already fixed the initial PrintNightmare issue with a rare out-of-band patch, but since then security researchers have been digging into Microsoft’s fix and raising new concerns. On July 16, researchers demonstrated that someone with local (physical) access to a PC can use the Print Spooler to install programs and view, change, or delete data under a specific scenario.

This would be the third big issue reported by researchers, and there could be more on the way soon. The DefCon and Black Hat conferences are coming up. Usually, that’s where issues like this one are discussed. DefCon is the largest underground conference where hackers, corporate IT professionals, and government agencies aim to expand their knowledge and skill set in the world of hacking.
