Kaspersky Comment: Critical Microsoft vulnerability remains unpatched – leaves devices at significant risk

Security researchers have found that, despite recent efforts by Microsoft, a critical Windows vulnerability remains unpatched, allowing attackers to take full control of computers and servers.

In early June, Microsoft patched a Windows vulnerability that it initially classified as low risk. But security researchers say that patch didn’t actually fix a closely related, much worse vulnerability. This bug is called PrintNightmare, and it exploits a flaw in a legacy Windows printing service that is enabled by default on several versions of Windows and Windows Server.

Below is commentary from Boris Larin, Senior Security Researcher at Kaspersky’s GReAT, which provides background on the vulnerability and recommendations on how to mitigate the risk of exploitation.

“Researchers Zhiniang Peng and Xuefeng Li posted the PrintNightmare exploit on their Twitter account on Tuesday, along with an announcement of their upcoming BlackHat presentation. Apparently, the researchers did this by mistake, assuming that the vulnerability used in their exploit was patched as CVE-2021-1675, and that the patch for it was released on June 8th. This turned out not to be the case: the patch for CVE-2021-1675 fixed another vulnerability, and the PrintNightmare exploit turned out to be a zero-day exploit with no security patch available. The researchers removed the exploit code from their GitHub account when they realized this, but by then it was too late and the code had been re-uploaded by other users.

The vulnerability is undoubtedly serious because it allows you to elevate privileges on the local computer or gain access to other computers within the organization’s network. At the same time, this vulnerability is generally less dangerous than, say, the recent zero-day vulnerabilities in Microsoft Exchange, mainly because in order to exploit PrintNightmare, attackers must already be on the corporate network.”

Kaspersky recommends that organizations adhere to the following cybersecurity measures:

• Install proven business security software on all endpoints, including mobile devices.

• Make sure your employees know who to contact if they have an IT or cybersecurity issue. Pay special attention to those who have to work with personal devices: give them special security recommendations and provide appropriate policies.

• Take key measures to protect corporate data and devices, including setting a password, encrypting work devices, and ensuring data backups.

• Schedule employee training to improve their digital literacy, including online training. This will teach them how to manage accounts and passwords and how to keep email and devices secure.