Microsoft’s Emergency Patch Ineffective Against PrintNightmare RCE Vulnerability

July 8, 2021

Microsoft’s attempt to mitigate the notorious PrintNightmare vulnerability across Windows 10 version 1607, Windows Server 2012, and Windows Server 2016 has proven inadequate. Reports indicate that the fix for the remote code execution exploit within the Windows Print Spooler service can still be circumvented under certain conditions, allowing attackers to execute arbitrary code on compromised systems. The company released an emergency out-of-band update for CVE-2021-34527 (CVSS score: 8.8) after researchers from Hong Kong-based cybersecurity firm Sangfor unintentionally disclosed the flaw late last month. Notably, this vulnerability is distinct from another issue, CVE-2021-1675, which Microsoft addressed on June 8. “Several days ago, two security vulnerabilities were identified in Microsoft Windows’ existing printing mechanism,” explained Yaniv Balmas, head of cyber research at C…

Microsoft’s Emergency Patch Fails to Fully Resolve PrintNightmare RCE Vulnerability

On July 8, 2021, Microsoft announced the release of an emergency out-of-band update intended to address the PrintNightmare vulnerability, officially identified as CVE-2021-34527. This flaw pertains to a remote code execution (RCE) exploit within the Windows Print Spooler service, impacting various versions of Windows, including Windows 10 version 1607, Windows Server 2012, and Windows Server 2016. While the company expanded its patching efforts following the accidental discovery of this vulnerability by researchers at Hong Kong’s Sangfor Technologies, new findings indicate that the security measures implemented may not be as robust as necessary.

The discovery of this vulnerability follows a similar issue known as CVE-2021-1675, which Microsoft had patched on June 8. The recently uncovered exploit allows attackers to bypass the newly issued security update under specific circumstances, effectively nullifying the intended protections. As a result, it creates a pathway for malicious actors to execute arbitrary code on compromised systems, posing significant security risks to businesses and consumers alike.

In these instances, the attackers could leverage various tactics and techniques identified in the MITRE ATT&CK Matrix. Notably, initial access may be gained using spear phishing or exploiting the vulnerable Print Spooler service directly, allowing for timely and undetected infiltration of organizational networks. Once inside, adversaries could employ privilege escalation techniques to elevate their access, thus increasing the severity of the breach. The vulnerabilities within the Print Spooler serve as a stark reminder of how critical it is for organizations to maintain robust security protocols and to follow up on updates promptly.

Organizations that serve as targets of these vulnerabilities range from small businesses to large enterprises, indicating that no entity is immune to cyber threats. In this case, Microsoft’s own updates have fallen short in providing comprehensive protection, highlighting the complexity of addressing such vulnerabilities in widely used software platforms. As businesses increasingly rely on remote operations, system vulnerabilities like PrintNightmare pose a heightened risk that must be mitigated through vigilant security practices.

In light of these developments, business owners are urged to evaluate their current security posture and ensure that all updates are applied promptly and effectively. Understanding the specifics of vulnerabilities like PrintNightmare can significantly bolster an organization’s defense against potential cyber-attacks. Cybersecurity should not be viewed as a one-time exercise but a continuous and evolving practice requiring awareness and proactive measures to safeguard sensitive data and maintain operational integrity.

As the cybersecurity landscape continues to evolve, the ramifications of unaddressed vulnerabilities can lead not only to material losses but also to long-term damage to brand reputation. Thus, prioritizing cybersecurity must be a critical element of strategic planning for any business operating in the digital realm, especially following incidents that reveal systemic flaws in established technologies.

Source link

Related Posts

How to Address the Microsoft Print Spooler Vulnerability: Understanding PrintNightmare

Published on July 8, 2021

Recently, the PrintNightmare vulnerability in Microsoft’s Print Spooler (CVE-2021-34527) was escalated from ‘Low’ to ‘Critical’ severity. This change follows the release of a Proof of Concept on GitHub, which attackers might exploit to gain access to Domain Controllers. Although Microsoft issued a patch in June 2021, it fell short in preventing further exploits, as the Print Spooler feature remains accessible for remote connections. This article provides crucial insights into the vulnerability and offers guidance on mitigation strategies.

Overview of Print Spooler: The Print Spooler is a Microsoft service responsible for managing and monitoring print jobs. It is one of the oldest components in the Microsoft ecosystem and has seen minimal updates since its inception. By default, this service is enabled on all Microsoft devices, including servers and endpoints.

Understanding the PrintNightmare Vulnerability: Once an attacker achieves limited user access, they can exploit the Print Spooler to escalate privileges…

Critical Security Vulnerabilities Identified in Sage X3 Enterprise Management Software

Published: July 8, 2021

Recent research has revealed four significant security vulnerabilities in Sage X3’s enterprise resource planning (ERP) software. Two of these vulnerabilities can potentially be combined to facilitate an attack, allowing malicious actors to execute harmful commands and gain control over compromised systems. These issues were identified by researchers at Rapid7, who reported their findings to Sage Group on February 3, 2021. In response, the company has released patches for various versions of Sage X3, including Version 9 (Syracuse 9.22.7.2), Sage X3 HR & Payroll Version 9 (Syracuse 9.24.1.3), Version 11 (Syracuse 11.25.2.6), and Version 12 (Syracuse 12.10.2.8) in March. The identified vulnerabilities include:

  • CVE-2020-7388 (CVSS score: 10.0): Unauthenticated Remote Command Execution (RCE) as SYSTEM in the AdxDSrv.exe component.
  • CVE-2020-7389 (CVSS score: 5.5): System “CHAINE” Variable Script Command Injection (No fix planned).

Significant Vulnerabilities Identified in Philips Vue PACS Medical Imaging Systems

Date: July 9, 2021

A series of security vulnerabilities have been revealed in the Philips Clinical Collaboration Platform Portal (commonly known as Vue PACS). Some of these vulnerabilities could potentially be exploited by malicious actors to gain control over affected systems. According to a warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or compromise system data integrity, thereby threatening the confidentiality, integrity, or availability of the system.”

These 15 vulnerabilities affect the following systems:

  • VUE Picture Archiving and Communication Systems (versions 12.2.x.x and earlier)
  • Vue MyVue (versions 12.2.x.x and earlier)
  • Vue Speech (versions 12.2.x.x and earlier)
  • Vue Motion (versions 12.2.1.5 and earlier)

Notably, four specific issues (CVE-2020-1938, CVE-2018-12326, CVE-2018-11218, CVE-2020-4670, and CVE-2018-8014) have been assigned a Critical rating.

Urgent: Critical RCE Vulnerability in ForgeRock Access Manager Under Active Exploitation

Cybersecurity agencies in Australia and the U.S. are sounding the alarm about a serious vulnerability in ForgeRock’s OpenAM access management system, which is being actively exploited to execute remote code on compromised systems. The Australian Cyber Security Centre (ACSC) has reported that threat actors are leveraging this flaw to infiltrate multiple hosts, deploying additional malware and tools. However, details regarding the nature and scope of the attacks, as well as the identities of the perpetrating actors, remain undisclosed.

Identified as CVE-2021-35464, this vulnerability is a pre-authentication remote code execution (RCE) flaw linked to unsafe Java deserialization in the Jato framework used by ForgeRock Access Manager. Exploiting this vulnerability allows attackers to execute commands within the context of the current user rather than as a root user.