
Microsoft pushed an emergency update to Windows users yesterday for “PrintNightmare,” a zero-day vulnerability that allows attackers to remotely execute code with system privileges on various versions of the operating system. Unfortunately, users are beginning to learn that the update is only partially effective. As discovered by security researchers Matthew Hickey and Will Dormann, Microsoft fixed only the remote code execution component of the vulnerability, so threat actors can still use the local privilege escalation component to gain system privileges on both older and newer Windows versions. On newer versions, this is possible if the Point and Print policy is enabled. Admins and users are advised to leave the Print Spooler service disabled until Microsoft releases a more thorough patch, but 0patch’s micropatch has reportedly been effective at blocking the vulnerability.

[…] as more researchers began modifying their exploits and testing the patch, it was determined that exploits could bypass the entire patch entirely to achieve both local privilege escalation (LPE) and remote code execution (RCE). According to Mimikatz creator Benjamin Delpy, the patch could be bypassed to achieve Remote Code Execution when the Point and Print policy is enabled.

Sources: Matthew Hickey, Will Dormann, Benjamin Delpy, Bleeping Computer
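
For admins who want to check a machine against the two conditions named above (a running Print Spooler service and an enabled Point and Print policy), here is an added PowerShell example; it is not from the article or its sources. The registry key and value names are assumptions based on the standard Windows Point and Print Restrictions policy location, and the function name is hypothetical.

```powershell
# Added example (not from the article): report the two conditions the article
# ties to continued exposure: a running Print Spooler and relaxed Point and Print.
# Assumption: the policy key and value names below are the standard Windows
# "Point and Print Restrictions" registry locations; the article does not list them.
function Get-PrintSpoolerExposure {
    [CmdletBinding()]
    param()

    # Print Spooler state: the article advises leaving the service disabled.
    $svc      = Get-Service -Name 'Spooler' -ErrorAction SilentlyContinue
    $running  = [bool]($svc -and $svc.Status -eq 'Running')
    $disabled = [bool](-not $svc -or $svc.StartType -eq 'Disabled')

    # Point and Print policy: a missing key or value means the default prompts apply.
    $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $values = @{ NoWarningNoElevationOnInstall = 0; UpdatePromptSettings = 0 }
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($policy) {
        # Iterate over a copy of the keys so the hashtable can be updated in the loop.
        foreach ($name in @($values.Keys)) {
            $prop = $policy.PSObject.Properties[$name]
            if ($prop) { $values[$name] = [int]$prop.Value }
        }
    }
    # Any non-zero value means install or update prompts have been relaxed.
    $relaxed = ($values.NoWarningNoElevationOnInstall -ne 0) -or
               ($values.UpdatePromptSettings -ne 0)

    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        SpoolerRunning                = $running
        SpoolerDisabled               = $disabled
        NoWarningNoElevationOnInstall = $values.NoWarningNoElevationOnInstall
        UpdatePromptSettings          = $values.UpdatePromptSettings
        PointAndPrintRelaxed          = $relaxed
        NeedsAttention                = $running -or $relaxed
    }
}

Get-PrintSpoolerExposure | Format-List
```

The check only reads state. Applying the advice to leave the service disabled is done separately, with `Stop-Service` and `Set-Service -StartupType Disabled` on the `Spooler` service.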


3 Comments

  1. Oh great. My company is rolling out emergency patches this weekend. Guess they will get to do it twice.

    Meanwhile, while I got the patch auto installed on my home box… my video card and monitor just started freaking the hell out until I rebooted. Not sure what that was about.

  2. Brian_B wrote: “My comp has been digging out from the ransomware…”

    Been there done that. Now EVERY STUPID LOGON goes through MFA, I must do it 30+ times a day. And they took away local admin rights on laptops even for us IT folk. Basically the laptop is now just for email, Teams, and remoting into a VDI desktop. It has no access to anything.
