Microsoft launched a patch for the PrintNightmare vulnerability, but the patch doesn’t work. Don’t update your Windows

The PrintNightmare vulnerability has turned out to be a big issue for Windows system users and the cybersecurity community. On Tuesday, Microsoft seemed to have finally addressed this flaw with the release of the KB5004945 update, though things might not turn out as expected.

Just hours after the release of this update, researchers Matthew Hickey and Will Dormann discovered that the company only fixed the existing remote code execution component in PrintNightmare. This means that threat actors could continue to abuse the local privilege escalation bug related to this flaw to gain SYSTEM access to vulnerable implementations, most of them earlier versions of Windows.

As if that weren’t enough, more independent researchers and security firms have since found that the known exploits for this flaw can be modified so that both attacks still succeed on updated versions.

One of the reports mentions that the patch is bypassed, and both attacks remain possible, on systems where the Windows policy known as “Point and Print Restrictions” is enabled and the option to display a security alert when installing drivers for a new connection is disabled.

In this regard, Hickey maintains that the best option to prevent an attack is still to disable the Print Spooler service, which will keep vulnerable Windows system deployments protected until the company announces the release of a functional security patch.
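
The two conditions described above (an active Print Spooler and a “Point and Print Restrictions” policy that suppresses the driver-installation alert) can be audited on a host with a short read-only script. This is an added example, not code from the researchers or from Microsoft; the registry path and value name are assumed to be the standard location of this policy and do not appear in the article.

```powershell
# Added example: read-only audit of the two conditions discussed in the article.

function Get-SpoolerState {
    # Win32_Service exposes both the current state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Running = $false; StartMode = 'NotInstalled' }
    }
    [pscustomobject]@{ Running = ($svc.State -eq 'Running'); StartMode = $svc.StartMode }
}

function Get-PointAndPrintInstallPrompt {
    # Assumption (not from the article): standard policy location for
    # "Point and Print Restrictions".
    $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # A missing key or value means the policy is not configured, so the
    # driver-installation warning and elevation prompt remain in effect.
    $suppressed = ($null -ne $policy) -and ($policy.NoWarningNoElevationOnInstall -eq 1)
    [pscustomobject]@{ PolicyConfigured = ($null -ne $policy); PromptSuppressed = $suppressed }
}

$spooler = Get-SpoolerState
$pnp     = Get-PointAndPrintInstallPrompt

$findings = @()
if ($spooler.Running -or $spooler.StartMode -notin 'Disabled', 'NotInstalled') {
    $findings += "Print Spooler is active (Running=$($spooler.Running), StartMode=$($spooler.StartMode))."
}
if ($pnp.PromptSuppressed) {
    $findings += 'Point and Print Restrictions suppresses the driver-installation warning.'
}

if ($findings.Count -eq 0) {
    'No exposure found for the two conditions checked.'
} else {
    $findings
    # Mitigation described in the article (disable the spooler); uncomment to apply:
    # Stop-Service -Name Spooler -Force
    # Set-Service  -Name Spooler -StartupType Disabled
}
```

Disabling the spooler stops local and remote printing on that host, so the commented-out mitigation lines are left for the operator to enable deliberately.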

Finally, experts recommend avoiding the latest Microsoft update if users have already resorted to other mitigation measures against PrintNightmare: “If you are using other security patches, do not apply the Microsoft security patch, as this would modify the ‘localspl.dll’ file, disabling other security measures,” Hickey concludes.
