KEY POINTS

  • A patch was also issued for Windows 7, which went out of support last year
  • The update failed to fix vulnerable systems, security experts pointed out
  • Attackers can gain system-level access on vulnerable systems

An emergency security patch to the Microsoft operating system has failed to fix a critical flaw in Windows Print Spooler service which allows attackers to remotely execute codes on the affected machines.

Microsoft issued cumulative updates after researchers accidently published last week a proof-of-concept (POC) exploit code known as PrintNightmare that gives potential attackers system-level access to run arbitrary codes, download malware and change or delete data. The company said all editions are vulnerable and even issued an update for Windows 7, which went out of support last year.

"We recommend that you install these updates immediately," said Microsoft. "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges."

The tech giant shared that their out-of-band update "fully addresses the public vulnerability."

However, Benjamin Delpy, a developer with the hacking and network utility Mimikatz tweeted a video that showed how the exploit can bypass the patch. In the video, the exploit can be seen working against a Windows Server 2019, which had the security patch installed.

The footage showed that the update failed to fix vulnerable systems, which uses certain settings for its point and print feature, reported Ars Technica. The feature enables network users to access printer drives.

The vulnerability in the Windows Print Spooler service was unveiled by Chinese cybersecurity company Sangfor in May, reported CNN. They accidentally published a proof-of-concept and deleted it as soon as they realized it, but not before it took off to other sites.

"Point and Print is not directly related to this vulnerability, but the technology weakens the local security posture in such a way that exploitation will be possible," Microsoft said. "To disallow Point and Print for non-administrators make sure that warning and elevation prompts are shown for printer installs and updates."

Apart from fixing the code execution vulnerability the update also installs a new mechanism, which enables Windows administrators to implement stronger restrictions while installing a printer software, reported Ars Technica.

Even though the patch does not completely fix the flaw, it does provide strong protection against the vulnerability.

Microsoft's European clients have long been concerned over the legal status of data they store with US companies in the cloud and the extent to which they could be scrutinised by US authorities.
Microsoft | Representational Image AFP / Martin BUREAU