Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability

Game-over code-execution attacks are still possible even after fix is installed.

An emergency patch Microsoft issued on Tuesday fails to fully fix a critical security vulnerability in all supported versions of Windows that allows attackers to take control of infected systems and run code of their choice, researchers said.

The threat, colloquially known as PrintNightmare, stems from bugs in the Windows print spooler, which provides printing functionality inside local networks. Proof-of-concept exploit code was publicly released and then pulled back, but not before others had copied it. Researchers track the vulnerability as CVE-2021-34527.

A big deal

Attackers can exploit it remotely when print capabilities are exposed to the Internet. Attackers can also use it to escalate system privileges once they’ve used a different vulnerability to gain a toe-hold inside of a vulnerable network. In either case, the adversaries can then gain control of the domain controller, which as the server that authenticates local users, is one of the most security-sensitive assets on any Windows network.

“It’s the biggest deal I’ve dealt with in a very long time,” said Will Dormann, a senior vulnerability analyst at the CERT Coordination Center, a nonprofit, United States federally funded project that researches software bugs and works with business and government to improve security. “Any time there’s public exploit code for an unpatched vulnerability that can compromise a Windows domain controller, that’s bad news.”

After the severity of the bug came to light, Microsoft published an out-of-band fix on Tuesday. Microsoft said the update “fully addresses the public vulnerability.” But on Wednesday—a little more than 12 hours after the release—a researcher showed how exploits could bypass the patch