Microsoft’s most recent attempt to remedy PrintNightmare vulnerabilities results in network printing problems.

The most recent Patch Tuesday release has created a new nightmare for network printers.

Microsoft’s attempt to fix the PrintNightmare vulnerability has resulted in unexpected network printing problems. Network administrators must now choose between fixing a critical vulnerability and preserving necessary print capabilities for their organisation until a more permanent solution is found.

Microsoft’s most recent Patch Tuesday release may have resolved the last remnants of the PrintNightmare vulnerabilities, but in doing so it may also have affected users’ ability to access network printer resources. The vulnerability, identified in June 2021, allows remote code execution (RCE) via the long-plagued Windows Print Spooler.

While the latest patch did resolve the current vulnerability, it also introduced a new problem: the inability of some users to access network printers. Network administrators responsible for managing system patching have reported problems ranging from event logs recording error 4098 warnings to missing printer ports to access denied errors preventing use. The reported issues are currently being resolved by rolling back the update.

Microsoft’s latest Print Spooler Common Vulnerabilities and Exposures (CVE) advisory addressed a flaw that allows an attacker who successfully exploits it to execute code remotely with elevated privileges. This escalated privilege would allow the attacker to access and take control of the target machine. Unfortunately for Microsoft, the Print Spooler service is no stranger to security risks and vulnerabilities. Since 2020, there have been several CVEs released related to the service.

RCE attacks are a particularly dangerous and damaging type of attack due to their invasive nature. An attacker can gain control of a target machine, manipulate programs and data, or even create new accounts with full access rights by executing malicious code. These attacks became particularly prevalent during the initial crypto-mining boom in 2017 and continue today.

Attackers use available exploits, such as web application code vulnerabilities, to install malware designed to download and run CPU-based mining programs. The programs run silently in the background, robbing unknowing users of computing resources and impacting overall usability while using the hijacked resources to illegally mine cryptocurrency.

The post-patch network printing bug has been verified across multiple models and manufacturers. However, the problem does not appear to impact those users connected to a printer via universal serial bus (USB) connections.

