[ad_1]
Emergency section Microsoft released Tuesday failing to address all security issues in all Windows operating systems that allow attackers to control infected systems and run the system they want, researchers said.
These bugs, known as PrintNightmare, come from bugs in Windows print printer, which provides functionality within local networks. Evidence-based practices were publicly disclosed and later reinstated, but not before others were adopted. Investigators pursue a risk factor such as CVE-2021-34527.
The attackers can use them as long as the print is available online. Attacks can also be used to improve access to the system as soon as they use another threat to get their finger on the underlying network. In any case, these enemies can take control of the local administrator, which, as a server that verifies local users, is one of the most secure features on any Windows network.
“It’s the biggest project I’ve been involved with for a long time,” said Will Dormann, a risk analyst at the CERT Coordination Center, a nonprofit United States company that investigates corruption and works with business and government to change security. “Any time it is used in public for unspecified problems that can disrupt Windows windows, it’s bad news.”
When the virus was discovered, Microsoft spread outside the group fix Tuesday. Microsoft says this “helps to address public risk.” But Wednesday – just 12 hours after it was released – another researcher showed how much more could pass through the patch.
“Dealing with cables & file names is difficult,” said Benjamin Delpy, who develops Mimikatz network hacking software and other software, wrote on Twitter.
Following Delpy’s tweet was video which demonstrated the rapid use of action against Windows Server 2019 which set the band patch. The display shows that the update fails to repair a compromised machine that uses another form called so-called pointing and printing, which allows network users to find the printer drivers they may need.
The grave near the bottom of Microsoft’s plan since Tuesday is as follows: “Point and Print do not really agree with this, but technology weakens the security of the community in a way that is cruel to people.”
Incomplete section is the most recent gaffe related to PrintNightmare risk. Last month, Microsoft’s monthly patches were fixed Section #: CVE-2021-1675, a print virus that allows hackers with limited access to the machine to provide access to control. Microsoft was named Zhipeng Huo of Tencent Security, Piotr Madej of Afine, and Yunhai Zhang of Nsfocus for finding and reporting the error.
A few weeks later, two different researchers — Zhiniang Peng and Xuefeng Li from Sangfor — published a CVE-2021-1675 analysis that showed that it could be used not only for random climbs, but also for remote coding. The researchers cited their PrintNightmare offer.
Subsequently, the researchers realized that PrintNightmare used a risk factor that was the same (but the last difference) for CVE-2021-1675. Zhiniang Peng and Xuefeng Li withdrew from their duties to assure them of the threat, but by then, their system had already expanded. Currently there are at least three PoCs available in the community, some of which have the potential to exceed those that were used initially.
Microsoft’s configuration protects Windows servers that are set up as regional servers or Windows 10 tools that use preferences. Wednesday’s show from Delpy shows that PrintNightmare works against multiple systems, including those that have enabled Point and Print and opted for the NoWarningNoElevationOnInstall method. The researcher accomplished this at Mimikatz.
In addition to trying to block the risk of coding, Tuesday’s preparation of CVE-2021-34527 also introduces new machines that allow Windows administrators to set up powerful restrictions while users try to set up a printing program.
“Before launching on July 6, 2021, with the new Windows operating systems with CVE-2021-34527, the security team of printer users can install signed and signed servers on the print server,” a Microsoft Design he said. “Once you set up these updates, admin teams that act as printers can simply install signature drivers. Administrator credentials will be required to install unsigned drivers on the pre-print server. ”
Although the second layer of the band is not implemented, it still provides adequate protection against several types of attacks that could exploit the interference of the printers. So far, there have been no cases in which investigators put the system at risk. Unless this changes, Windows users should install the entire patch from June and Tuesday and wait for further instructions from Microsoft. Representatives of the company did not immediately comment.
The story first appeared Ars Technica.
Many Great Stories
[ad_2]
Source link
