The Print Nightmare Method Advances to the Windows 11 Tool Bar and Start Button

September 8, 2021

Once again someone has discovered a bug in Windows machines. The vulnerability allows bad actors access to remove code execution and local privilege escalation. Tech Radar details how this is the second issue related to this vulnerability in “There’s Yet Another New PrintNightmare Hack.” The problem started when Chinese security researchers shared a proof-of-concept exploit online, believing that Microsoft had patched the hole in Windows Print Spooler. Nope!

Microsoft quickly released a patch, but not before damage was done. Creator of the popular exploitation tool Mimkatz, Benjamin Delpy exploit exploited the bug again. The bug enables anyone to gain admin privileges on vulnerable machines. It works like this:

“According to reports, Delpy’s workaround takes advantage of the fact that Windows doesn’t prevent Limited users from installing printer drivers. Furthermore, it won’t complain when these drivers are fetched from remote print servers, and will then run them with the System privilege level.”

Microsoft issued another PrintNightmare patch, but Delpy and other security researchers are not happy with it. They say that Microsoft checks for remote libraries in PrintNightmare patch and it gives an opportunity to work around it. Delpy and other security researchers have since learned a lot about printer spooler and drivers. He released his own proof-of-concept that downloads a rogue driver that misuses the latitude to allow Windows users access to admin privileges. Delpy and others explain this will not be the last of Windows printer spooler abuse.

And how’s that Microsoft method working out?

It is consistent. “Windows 11 Preview Glitch Hits Start menu and Taskbar” explains:

“Recently, Windows Insiders in both the Dev and Beta Channels began reporting that Start and Taskbar were unresponsive and Settings and other areas of the OS wouldn’t load,” wrote the Windows Insiders team at Microsoft in a blogpost.

Yep, consistent.

Whitney Grace, September 8, 2021

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta