It was fun while it lasted, and puts other operating systems at an advantage.
[Wayback] Jeroen Wiert Pluimers on Twitter: “Bye bye printer Plug & Play on Windows for end-users: … Though MacOS has its share of printer driving issues (like only printing monochrome to colour printers), this is a serious step back on Windows compared to MacOS.”
More on the MacOS printer woes in a later blog post.
Web related:
- [Wayback] More PrintNightmare: “We TOLD you not to turn the Print Spooler back on!” – Naked Security
- [Wayback] Microsoft responds to PrintNightmare by making life that little bit harder for admins • The Register:
  Have they forgotten SysAdmin Appreciation Day so soon?
- [Wayback] Point and Print Default Behavior Change – Microsoft Security Response Center
  Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service. This change will take effect with the installation of the security updates released on August 10, 2021 for all supported versions of Windows, and is documented as CVE-2021-34481.
- [Wayback] KB5005652—Manage new Point and Print default driver installation behavior (CVE-2021-34481)
- [Archive.is] Security Update Guide – CVE-2021-36958
- [Wayback] Microsoft Warns: Another Unpatched PrintNightmare Zero-Day | Threatpost
Twitter related:
- [Archive.is] 🥝 Benjamin Delpy on Twitter: “Basically: – assuming default value is “restrict install to admin” 1 now – more check on remote files install path…”
- [Archive.is] 🥝 Benjamin Delpy on Twitter: “August PatchTuesday #printnightmare…”
- [Archive.is] 🥝 Benjamin Delpy on Twitter: “Want to test #printnightmare (ep 4.x) user-to-system as a service?🥝 (POC only, will write a log file to system32) connect to … with – user: .\gentilguest – password: password Open ‘Kiwi Legit Printer – x64’, then ‘Kiwi Legit Printer – x64 (another one)’… …”
- [Archive.is] Victor Mata on Twitter: “Hey guys, I reported the vulnerability in Dec’20 but haven’t disclosed details at MSRC’s request. It looks like they acknowledged it today due to the recent events with print spooler.…”
- [Archive.is] Will Dormann on Twitter: “For what it’s worth, Microsoft has just notified me that they published … for this issue. That is, the execution of code specified in “CopyFiles” directives of shared printers (VU#131152) is (per Microsoft’s confirmation to me): CVE-2021-36958… …”
–jeroen