For the second time, Microsoft has attempted and failed to patch the PrintNightmare vulnerability. Tracked initially as CVE-2021-1675, and the second RCE as CVE-2021-34527. We warned you about this last week, but a few more details are available now. The original reporter, [Yunhai Zhang] confirms our suspicions, stating on Twitter that “it seems that they just test with the test case in my report”.
CVE-2021-1675 is meant to fix PrintNightmare, but it seems that they just test with the test case in my report, which is more elegant and also more restricted. So, the patch is incomplete. : (
— Yunhai Zhang (@_f0rgetting_) July 1, 2021
Microsoft has now shipped an out-of-band patch to address the problem, with the caveat that it’s known not to be a perfect fix, but should eliminate the RCE element of the vulnerability. Except … if the server in question has the point and print feature installed, it’s probably still vulnerable. And to make it even more interesting, Microsoft says they have already seen this vulnerability getting exploited in the wild.
Ransomware, The Big One
Kaseya makes remote management, security, and network monitoring products for IT departments and companies. Their VSA product specifically does remote monitoring and management, and had an optional on-premises component. Put simpler, you put their server on your network, and then installed their client on every computer you manage. The clients report back to the server, and you can ..
Support the originator by clicking the read the rest link below.
