[TheRecord] Microsoft to require admin rights before using Windows Point and Print feature

Microsoft today released a security update that changes the default behavior of the “Point and Print” feature to mitigate a severe security issue disclosed last month.

First added in Windows 2000, the Point and Print feature works by connecting to a print server to download and install necessary print drivers every time a user creates a connection to a remote printer without providing installation media.

Earlier this year, Jacob Baines, a reverse engineer for Dark Wolf Solutions, found that threat actors inside a company’s network could abuse the Point and Print feature to run a malicious print server and force Windows systems to download and install malicious drivers.

Since Point and Print ran with SYSTEM privileges, the feature effectively provided threat actors with an easy way to gain admin rights inside any large corporate or government network.

Desperate times call for desperate measures

Microsoft initially tried to patch the issue—tracked as CVE-2021-34481—last month, but the patches were deemed incomplete.

Today, the company took another approach. Because the vulnerability exploits a design flaw, Microsoft chose to change the default behavior of the Point and Print feature.

Until now, any user could add a new printer to a Windows computer. Microsoft says that after today’s Patch Tuesday, only admin users will be able to add or update a printer with drivers from a remote print server.

“This change will take effect with the installation of the security updates released on August 10, 2021, for all supported versions of Windows,” Microsoft said today.

“This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies this change,” the OS maker added.

For companies and users who don’t want to block printer installations inside their networks, Microsoft has also provided a registry key to continue allowing the old behavior. However, Microsoft also warns of the risks:

Disabling this mitigation will expose your environment to the publicly known vulnerabilities in the Windows Print Spooler service and we recommend administrators assess their security needs before assuming this risk.

Microsoft Security Response Center

While today’s mitigation came after Baines’ discovery, Microsoft hopes that this change in the Point and Print feature will also help prevent other attacks against the Print Spooler service, which after a year of various bug disclosures (PrintNightmare, PrintDemon, FaxHell, Evil Printer, and CVE-2020-1337) is now looking like Swiss cheese.

Baines presented his findings at Def Con

Baines, who recently presented details about the Point and Print CVE-2021-34481 bug at the Def Con security conference, also released a tool called Concealed Position that can be used to test networks for his attack method.


The post Microsoft to require admin rights before using Windows Point and Print feature appeared first on The Record by Recorded Future.
