Skip to main content
  1. Home
  2. Computing

PrintNightmare isn’t over, as Windows is hit with another printing vulnerability

Arif Bacchus
By

The vulnerabilities in the Windows Print Spooler service just won’t end for Microsoft. Despite a recent patch, a cybersecurity researcher has managed to exploit a new bug in the spooler — showing how someone with bad intent can gain administrative privileges in Windows by using a custom print server.

The new vulnerability works only in a specific situation but is still concerning since it’s not patched. Security researcher Benjamin Delpy showcased the inner workings of the vulnerability on his Twitter. This involves using a specific custom print server to install a specially created print driver that can run at the system-privilege level. This can allow non-admin users to open a command prompt with elevated privileges. You can see this in action in this video, as tested by Bleeping Computer, which first reported on the vulnerability.

Demonstration of remote PrintNightmare driver open a SYSTEM command prompt

Since the vulnerability is not patched, the easiest way to prevent it would be to disable Windows Print Spooler entirely. However, an advisory posted online showcases other methods. These are more complex and involve blocking remote traffic and restricting Point and Print functionality via the Group Policy editor. This makes it so non-admin users can only install print drivers from an approved list, but permitted print servers still can be injected with bad drivers.

Recommended Videos

It doesn’t seem like there’s going to be an end to PrintNightmare vulnerabilities anytime soon. Microsoft already fixed the initial PrintNightmare issue with a rare out-of-band patch, but since then security researchers have been digging into Microsoft’s fix and raising new concerns. On July 16, researchers demonstrated that someone with local (physical) access to a PC can use the Print Spooler to install programs and view, change, or delete data under a specific scenario.

Related

This would be the third big issue reported by researchers, and there could be more on the way soon. The DefCon and Black Hat conferences are coming up. Usually, that’s where issues like this one are discussed. DefCon is the largest underground conference where hackers, corporate IT professionals, and government agencies aim to expand their knowledge and skill set in the world of hacking.

Editors' Recommendations

Topics
Arif Bacchus
Arif Bacchus
Computing Writer
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Windows 11 could be hurting your gaming performance
Overwatch 2 running on the LG OLED 27 gaming monitor.

If you’ve been wondering why your beefy graphics card hasn’t been performing as well as it should in Windows 11 or Windows 10, the answer could be Microsoft’s Virtualization Based Security (VBS). According to testing done by Tom’s Hardware, VBS could cause gaming performance to drop by as much as 10%.

In a suite of fresh benchmarks, Tom’s Hardware tested 15 different games, from Cyberpunk 2077 to Red Dead Redemption 2, both with VBS enabled and with the feature turned off. In some games, the results could be cause for concern.

Read more
PC gamers are flocking to Windows 11, new Steam survey says
Shadow of the Tomb Raider on the Alienware 34 QD-OLED.

According to the latest Steam Hardware and Software Survey, more PC gamers are switching to using Windows 11. Although Windows 10 continues to top the charts, it's slowly losing users to Microsoft's newer operating system, as Windows 11 now compromises over a third of all operating systems in Steam's monthly survey.

It's happy news for Microsoft as Windows 11 continues to inch forward in the Steam Hardware Survey. While the survey doesn't include the software and hardware utilized by each and every gamer on the platform, it still shows us some significant averages. Microsoft has continued to push Windows 11 for new PCs, and the latest survey from Steam suggests that the effort is working.

Read more
No, ChatGPT isn’t going to cause another GPU shortage
Hopper H100 graphics card.

ChatGPT is exploding, and the backbone of its AI model relies on Nvidia graphics cards. One analyst said around 10,000 Nvidia GPUs were used to train ChatGPT, and as the service continues to expand, so does the need for GPUs. Anyone who lived through the rise of crypto in 2021 can smell a GPU shortage on the horizon.

I've seen a few reporters build that exact connection, but it's misguided. The days of crypto-driven-type GPU shortages are behind us. Although we'll likely see a surge in demand for graphics cards as AI continues to boom, that demand isn't directed toward the best graphics cards installed in gaming rigs.
Why Nvidia GPUs are built for AI

Read more