[MART] - Daily Diary #300 - PrintNightmare Vulnerability Patch Bypassed

CTAS-MAT ctas-mat at appgate.com
Wed Jul 7 20:50:45 UTC 2021

I hope everyone is doing well!

Below is the entry for today.

07/07/2021 - Diary entry #300:

In Daily Diaries #295 and #296 we covered PrintNightmare, a publicly released exploit for a 0-day vulnerability affecting multiple versions of Windows. Yesterday, July 6th, Microsoft released an emergency patch for the vulnerability. The patch covers most versions of Windows, including Windows 10 21H1 and some Windows 7 versions. Some versions remain unpatched, such as Windows 10 Version 1607, Windows Server 2016 and Windows Server 2012.

However, security researchers have already analyzed the patch and bypassed it. The creator of Mimikatz published a video on their Twitter profile proving that both Remote Code Execution (RCE) and Local Privilege Escalation (LPE) are still possible on a fully patched server with Point & Print enabled.

Although the patches help reduce the chances of remote exploitation, they are not yet enough to keep your Windows machine safe. In the past days, micro-patches addressing the vulnerability were published for free on the 0patch platform to help the community. However, there is no guarantee that those patches are sufficient or that they cannot also be easily bypassed. We still recommend disabling the printing services on Windows Servers that do not require them.

Kind Regards,



Felipe Duarte Domingues
Security Researcher

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
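
An added example, not part of the original email: a PowerShell audit for the recommendation above, reporting the Print Spooler state and the Point and Print policy on a host. The two registry values are the ones Microsoft's guidance for this vulnerability says to check; they, the function name `Get-SpoolerExposure` and the `-Disable` switch are assumptions of this example and do not appear in the diary entry.

```powershell
# Audit-SpoolerExposure.ps1 (added example; run from an elevated session)
# Reports Print Spooler state and Point and Print policy for the local host.
# With -Disable, stops and disables the Spooler (only for servers that do not print).
param([switch]$Disable)

function Get-SpoolerExposure {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" `
        -ErrorAction SilentlyContinue

    # Point and Print policy key. A missing key or value means the Windows default
    # applies; per Microsoft's guidance a value of 1 relaxes the install prompts.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $pnp = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $noWarn = $pnp.NoWarningNoElevationOnInstall
    $update = $pnp.UpdatePromptSettings

    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        SpoolerStatus                 = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        SpoolerStartMode              = if ($cim) { $cim.StartMode } else { 'n/a' }
        NoWarningNoElevationOnInstall = $noWarn
        UpdatePromptSettings          = $update
        PointAndPrintRelaxed          = ($noWarn -eq 1) -or ($update -eq 1)
        # Exposed while the service can run, whether or not the patch is installed.
        SpoolerCanRun                 = [bool]($cim -and $cim.StartMode -ne 'Disabled')
    }
}

$before = Get-SpoolerExposure
$before | Format-List

if ($Disable -and $before.SpoolerCanRun) {
    # Stop the service now and prevent it from starting at the next boot.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Get-SpoolerExposure | Format-List
}
elseif ($before.PointAndPrintRelaxed) {
    Write-Warning 'Point and Print prompts are relaxed by policy on this host.'
}
```

Disabling the Spooler removes the ability to print both locally and remotely from that host, so the switch belongs on servers with no printing role.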
