Skip to main content

PrintNightmare isn’t over, as Windows is hit with another printing vulnerability

The vulnerabilities in the Windows Print Spooler service just won’t end for Microsoft. Despite a recent patch, a cybersecurity researcher has managed to exploit a new bug in the spooler — showing how someone with bad intent can gain administrative privileges in Windows by using a custom print server.

The new vulnerability works only in a specific situation but is still concerning since it’s not patched. Security researcher Benjamin Delpy showcased the inner workings of the vulnerability on his Twitter. This involves using a specific custom print server to install a specially created print driver that can run at the system-privilege level. This can allow non-admin users to open a command prompt with elevated privileges. You can see this in action in this video, as tested by Bleeping Computer, which first reported on the vulnerability.

Demonstration of remote PrintNightmare driver open a SYSTEM command prompt

Since the vulnerability is not patched, the easiest way to prevent it would be to disable Windows Print Spooler entirely. However, an advisory posted online showcases other methods. These are more complex and involve blocking remote traffic and restricting Point and Print functionality via the Group Policy editor. This makes it so non-admin users can only install print drivers from an approved list, but permitted print servers still can be injected with bad drivers.

It doesn’t seem like there’s going to be an end to PrintNightmare vulnerabilities anytime soon. Microsoft already fixed the initial PrintNightmare issue with a rare out-of-band patch, but since then security researchers have been digging into Microsoft’s fix and raising new concerns. On July 16, researchers demonstrated that someone with local (physical) access to a PC can use the Print Spooler to install programs and view, change, or delete data under a specific scenario.

This would be the third big issue reported by researchers, and there could be more on the way soon. The DefCon and Black Hat conferences are coming up. Usually, that’s where issues like this one are discussed. DefCon is the largest underground conference where hackers, corporate IT professionals, and government agencies aim to expand their knowledge and skill set in the world of hacking.

Editors' Recommendations

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Windows 11 has been causing problems with Intel graphics for months, and no one said a word
A Windows 11 device sits on a table.

If you're using Intel integrated graphics and you've been having some issues with DirectX apps, we may know the reason why -- outdated drivers paired with a recent Windows update.

According to Microsoft, a Windows 11 update may have caused some errors in Intel graphics. The update is not recent at all, so even if you haven't updated in the last few weeks, you may be affected.

Read more
Don’t roll your eyes — AI isn’t just another doomed tech fad
chatgpt says it shouldnt write articles open ai chat bot seen on smartphone placed

Stop me if you've heard this one before: "This new technology will change everything!"

It's a phrase regurgitated endlessly by analysts and tech executives with the current buzzword of the moment plugged in. And in 2023, that buzzword is AI. ChatGPT has taken the world by storm, Microsoft redesigned its Edge browser around an AI chatbot, and Google is rushing to integrate its AI model deeply into search.

Read more
Update Windows now — Microsoft just fixed several dangerous exploits
Person sitting and using an HP computer with Windows 11.

Microsoft has just released a new patch, and this time around, the update comes with fixes for several dangerous and actively abused vulnerabilities and exploits in Windows.

A total of 68 vulnerabilities were addressed in the patch, many of them critical. Here's what was fixed and how to make sure your Windows device is up to date.

Read more