{"id":20904,"date":"2021-08-06T01:03:59","date_gmt":"2021-08-05T23:03:59","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=20904"},"modified":"2022-06-27T09:19:41","modified_gmt":"2022-06-27T07:19:41","slug":"0patch-fix-fr-neue-windows-printnightmare-0-day-schwachstelle-5-aug-2021","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/08\/06\/0patch-fix-fr-neue-windows-printnightmare-0-day-schwachstelle-5-aug-2021\/","title":{"rendered":"0patch fix for new Windows PrintNightmare 0-day vulnerability (Aug. 5, 2021)"},"content":{"rendered":"

\"Windows\"[German<\/a>]In the blog post PrintNightmare: Point-and-Print allows installation of arbitrary files<\/a> I had reported about a new vulnerability in Windows. A remote print server, which can be reached by unauthorized persons, allows to install arbitrary malicious files on the clients via point-and-print. In the article I had also mentioned ways to mitigate it. Now ACROS Security has presented a free 0Patch solution for various Windows Server versions that prevents exploitation of the vulnerability.<\/p>\n

<\/p>\n

New attack vector print server<\/h2>\n

\"\"Security researcher Benjamin Delpy has published several variants of the attack vector for the printer interface. The attacker sets up a printer with a modified driver on a computer he controls. In the second step, he then installs this printer on another Windows computer using Point and Print. Through this move, he gains complete control over that computer even as a normal user. While this is only a local privilege escalation, it becomes a problem when the attacker, in conjunction with social engineering, gets a user to execute malicious code locally. <\/p>\n

The 0Patch solution <\/h2>\n

The team at ACROS Security, which has been providing the 0Patch solution for years, analyzed the vulnerability and quickly developed a micropatch to render the vulnerability harmless. Mitja Kolsek brought this free solution to my attention via Twitter<\/a>. <\/p>\n

\"0Patch-Lösung<\/a> <\/p>\n

The details are described in this blog post<\/a> from 0patch. The 0patch micropatches are available for free for the following products: <\/p>\n

    \n
  1. Windows Server 2019<\/b> (updated with July 2021 Updates)\n
  2. Windows Server 2016<\/b> (updated with July 2021 Updates)\n
  3. Windows Server 2012 R2 <\/b>(updated with July 2021 Updates)\n
  4. Windows Server 2012 <\/b>(updated with July 2021 Updates)\n
  5. Windows Server 2008 R2 <\/b>(updated with January 2020 Updates, no Extended Security Updates) <\/i>\n
  6. Windows Server 2008 R2 <\/b>(updated with January 2021 Updates, first year of Extended Security Updates only) <\/i>\n
  7. Windows Server 2008 R2 <\/b>(updated with July 2021 Updates, second year of Extended Security Updates) <\/i>\n
  8. Windows 10 v21H1 <\/b>(updated with July Updates)\n
  9. Windows 10 v20H2 <\/b>(updated with July Updates)\n
  10. Windows 10 v2004 <\/b>(updated with July Updates) <\/b>\n
  11. Windows 10 v1909 <\/b>(updated with July Updates) <\/b>\n
  12. Windows 10 v1903 <\/b>(updated with December 2020 Updates – latest before end of support)\n
  13. Windows 10 v1809 <\/b>(updated with May 2021 Updates – latest before end of support) <\/b>\n
  14. Windows 10 v1803 <\/b>(updated with May 2021 Updates – latest before end of support)
    <\/b>\n
  15. Windows 10 v1709 <\/b>(updated with October 2020 Updates – latest before end of support)\n
  16. Windows 7 <\/b>(updated with January 2020 Updates, no Extended Security Updates)\n
  17. Windows 7 <\/b>(updated with January 2021 Updates, first year of Extended Security Updates only)\n
  18. Windows 7 <\/b>(updated with July 2021 Updates, second year of Extended Security Updates)<\/li>\n<\/ol>\n

    Notes on how the 0patch agent works, which loads the micropatches into memory at the runtime of an application, can be found in the blog posts (such as here<\/a>).<\/p>\n

    Similar articles:
    <\/strong>    Windows 7: Forcing February 2020 Security Updates<\/a> \u2013 Part 1
    Windows 7: Securing with the 0patch solution<\/a> \u2013 Part 2
    0patch supports Office 2010 with micro patches after the end of support (EOL)<\/a>
    Windows 7\/Server 2008\/R2: 0patch delivers security patches after support ends<\/a>
    Project: Windows 7\/Server 2008\/R2 Life Extension & 0patch one month trial<\/a>
    0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674<\/a>
    0patch: Fix for Windows Installer flaw CVE-2020-0683<\/a>
    0patch fix for Windows GDI+ vulnerability CVE-2020-0881<\/a>
    0-day vulnerability in Windows Adobe Type Library<\/a>
    0patch fixes CVE-2020-0687 in Windows 7\/Server 2008 R2<\/a>
    0patch fixes CVE-2020-1048 in Windows 7\/Server 2008 R2<\/a>
    0patch fixes CVE-2020-1015 in Windows 7\/Server 2008 R2<\/a>
    0patch for 0-day RCE vulnerability in Zoom for Windows<\/a>
    Windows Server 2008 R2: 0patch fixes SIGRed vulnerability<\/a>
    0patch fixes CVE-2020-1113 in Windows 7\/Server 2008 R2<\/a>
    0patch fixes CVE-2020-1337 in Windows 7\/Server 2008 R2<\/a>
    0patch fixes CVE-2020-1530 in Windows 7\/Server 2008 R2<\/a>
    0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2<\/a>
    0patch fixes CVE-2020-1062 in Windows 7\/Server 2008 R2<\/a>
    0patch fixes CVE-2020-1300 in Windows 7\/Server 2008 R2<\/a>
    0patch fixes 0-day vulnerability in Windows 7\/Server 2008 R2<\/a>
    0patch fixes CVE-2020-1013 in Windows 7\/Server 2008 R2<\/a>
    0patch fixes a Local Privilege Escalation 0-day in Sysinternals PsExec<\/a>
    0patch fixes Windows Installer 0-day Local Privilege Escalation vulnerability<\/a>
    0patch fixes 0-day in Internet Explorer<\/a>
    0patch fixes CVE-2021-26877 in the DNS server of Windows Server 2008 R2<\/a>
    0patch fixes Windows Installer LPE-Bug (CVE-2021-26415)<\/a>
    0Patch provides support for Windows 10 version 1809 after EOL<\/a>
    Windows 10 V180x: 0Patch fixes IE vulnerability CVE-2021-31959<\/a>
    0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    [German]In the blog post PrintNightmare: Point-and-Print allows installation of arbitrary files I had reported about a new vulnerability in Windows. A remote print server, which can be reached by unauthorized persons, allows to install arbitrary malicious files on the clients … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[69,194],"class_list":["post-20904","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/20904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=20904"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/20904\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=20904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=20904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=20904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}