The Windows print spooler vulnerability continues to be exploited by researchers. Security researcher Benjampin Delpy found several ways to bypass and take advantage of the vulnerability known as PrintNightmare. Delpy recently shared a video showing that an exploit allows people to effectively gain administrative privileges on a PC.
Microsoft issued a critical security patch for the PrintNightmare vulnerability, but researchers have found ways around it. Delpy’s workaround involves a print server that can install a print driver. This driver can then launch a Dynamic Link Library (DLL) file with SYSTEM privileges.
BleepingComputer installed the print driver in question and saw the same results as Delpy. Despite the test computer being a fully patched PC running the latest version of Windows 10, a user with standard privileges was able to disable Windows Defender and gain full SYSTEM privileges.
Delpy’s method lets anyone who installs the remote print driver gain administrative privileges on a PC. This access could be used in several ways, including creating new users, installing software, or deploying ransomware on a PC.
Delpy told BleepingComputer that he’s trying to pressure Microsoft to release fixes for the vulnerability.
A CERT advisory from Will Dormann outlines multiple mitigations for the vulnerability:
- Stop and disable the Print Spooler service.
- Disable inbound remote printing through Group Policy.
- Block RPC and SMB ports at the firewall.
- Enable security prompts for Point and Print.
- Restrict printer driver installation ability to administrators.
The advisory breaks down each option in more technical detail. We also have a guide on how to mitigate the PrintNightmare vulnerability that we update as more information comes in.
We may earn a commission for purchases using our links. Learn more.