Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

There's yet another new PrintNightmare hack

Image Description

The PrintNightmare vulnerability is living up to its name with another cybersecurity researcher exploiting the bug in a privilege escalation attack.

PrintNightmare created havoc when it was accidentally disclosed by Chinese security researchers who put out a proof-of-concept exploit thinking the vulnerability in Windows Print Spooler had already been patched by Microsoft, which pushed the company to put out a new patch to address the remote code exploitation (RCE) vulnerability as well.

Now, Benjamin Delpy, creator of popular post exploitation tool Mimikatz, has found a way to exploit the vulnerability in the Windows Print Spooler to enable any user to gain admin privileges on a vulnerable computer.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window

According to reports, Delpy’s workaround takes advantage of the fact that Windows doesn’t prevent Limited users from installing printer drivers. Furthermore, it won’t complain when these drivers are fetched from remote print servers, and will then run them with the System privilege level. 

No end to the abuse

After issuing an out-of-band update, Microsoft also included the PrintNightmare patch in its July Patch Tuesday.

Notably, a section of security researchers, including Delpy, had raised concerns about the patch arguing that it’s how Microsoft checks for remote libraries in the PrintNightmare patch that offers an opportunity to work around the patch.

In a tweet, Delpy mentioned that PrintNightmare has taught him “a lot about printer spooler & drivers (even how to build and sign them).”

He’s put all his learnings into action by demonstrating a proof-of-concept (PoC) that downloads a rogue driver that misuses the latitude it’s given by Windows to eventually fire up a system prompt even for a user with a limited access account. 

Speaking to Bleeping Computer, Delpy shared that we haven’t seen the last of Windows print spooler abuse, pointing to a couple of upcoming sessions at DefCon and Black Hat conferences that will share new shortcomings and exploits.

Via BleepingComputer

Date

02 Aug 2021

Sources

Share

Other Blog

  • Dell's new Latitude laptops could be perfect for the business power user

    Dell has added two new business laptops to its Latitude line and refreshed its Precision mobile workstations.

    Read More

  • After the Huawei MatePad Paper, here are 5 more brands we want to see make ereaders

    One of the most intriguing product launches of MWC 2022 is the Huawei MatePad Paper, which is a tablet with an E-Ink screen. It's also the first product from Huawei to use this kind of tech.

    E-Ink screens are different from LCD, OLED, or AMOLED. The reflective technology recreates the look of ink on paper. It's been popularized by all the best ereader brands, like Amazon Kindle devices and Kobo tablets, as well as Onyx Boox ones.

    Huawei's new tablet, which comes with a stylus, access to the company's Huawei Books app, and even plays video, is an interesting step into a tech territory that Amazon has previously dominated with its Kindles.

    This isn't the first time E-Ink spread its monochrome wings to other brands, Back in the mid-aughts, dozens of companies big and small tried to capitalize on Amazon's Kindle success. CES back then had an entire area devoted to all the new E-Ink tablets. There were even a few color ones. None survived and the tech world quickly turned its attention to iPad competitors.

    But now here we are again. Huawei's brand new ereader debut has got us thinking: What if other companies jumped back into the breach and launched E-Ink devices? What would they be like?

    Here's a list of five companies that could put out interesting devices into this long-neglected sector.

    Apple

    This is an obvious one - what would an Apple ereader look like? What would it be called? iReader?

    The company is notorious for only launching products when the tech is in a 'finished' state, which is why we haven't seen a foldable from it. In the Apple ereader world that likely means color displays, useful extra apps, and easy connectivity between iPads and iPhones.

    That latter point is really important, as Apple fans stick to their ecosystem, and lots of the company's products work well in tandem together. If you can easily pick a book on your iPhone and it download it onto your iReader, or write a note on the ereader with an Apple Pencil, and then drop the result onto your iPad, it'd be a handy device.

    Sure, Apple isn't exactly known for offering affordable tech, so the iReader would likely be an expensive device. But for Apple fans, it'd be a handy extra piece of tech.

    Samsung

    If Apple does it, Samsung has to, too.

    Samsung could safely be characterized as Apple's rival, and the company puts out lots of tech that could tempt people who'd otherwise buy an i-device.

    A Samsung ereader could borrow traits from the company's other gadgets. Samsung puts out some huge-screen devices, like its Ultra phones or tablets, and has lots of features for its S Pen stylus that make it useful for note-taking. Perhaps a Samsung ereader could be a useful note-taking device that has a much longer-lasting battery than the Tab S8 Ultra or similar.

    Sony Reader

    The Sony Reader (Image credit: Future)

    Sony

    Sony's an interesting one on this list, as it actually did make ereaders, called the Sony Readers. Yeah, really imaginative.

    When it comes to its gadgets, Sony excels when it makes devices that are specialist tools - just look at its smartphones or cameras. And if it revived its Sony Reader line, perhaps it could do so again.

    We could see a device that's designed specifically with note-taking features in mind, similar to the Remarkable Tablet 2, or as a way to both read and mark up books, which would be really useful to students.

    Of all the companies on this list, we imagine Sony is the least likely to do an ereader, as it's tried before and doesn't work as closely in the mobile and tablet sphere as the others (it's the only one here not to have released a tablet, recently), but never say never.

    Lenovo

    Lenovo is pretty good for its entertainment gadgets - its Yoga Pads are great streaming tablets and it has a whole Legion sub-brand for gaming tech. And since reading is entertaining, an ereader doesn't sound outside the realms of possibility.

    Judging by Lenovo's habits, we imagine this wouldn't be a very expensive device, but would perhaps be built with utilitarian features like a kickstand or grip.

    Lenovo does make lots of productivity devices too, like its ThinkPad laptops, so perhaps we would see an ereader with useful tools to make it emulate your trusty pocket notebook. Still, we think a luxury book-reading device would be more likely.

    HMD Global

    Like Lenovo, HMD Global is big on its affordable tech - you'd know it as the brand that makes Nokia devices.

    We've listed lots of companies on this list that could build premium devices, but it's always worth remembering the affordable ones, especially since that's what Amazon makes with its Kindle device (depending on which model you choose).

    HMD Global's products are built to last, and you'd want an ereader to last you on long trips, in rough conditions, and in bags full of objects it could bump into. Plus, HMD's hardware is supported with software updates for ages and often has huge batteries, too, all things that would be useful for an E-Ink slate.

    Honorable mention: Xiaomi

    Xiaomi InkPalm 5 Mini

    (Image credit: Xiaomi)

    Xiaomi is an honorable mention, and not a 'true' listing, because the company does actually make ereaders, and releases a new one every year or so.

    It's on this list, though, because those ereaders only go on sale in China, and we haven't seen any get worldwide launches. The company confirmed to TechRadar that it's not ruling out global launches, but that it hasn't planned one, either.

    In the last few years, Xiaomi has cemented itself as a player in the premium market, but it also has great value, budget, and mid-range phones. So, we could rely on the brand's ereaders to be competitive.

    • MWC (Mobile World Congress) is the world's largest showcase for the mobile industry, stuffed full of the newest phones, tablets, wearables and more. TechRadar is reporting on the show all week. Follow our MWC 2022 live blog for the very latest news as it happens and visit our dedicated MWC 2022 hub for a round-up of the biggest announcements.

    Read More

  • The best cheap tablets 2020: the top budget options

    After a new cheap tablet? Whether you're after Android or iOS you'll find some top budget options here.

    Read More

  • These Bluetooth security flaws could affect billions of devices

    A new family of Bluetooth vulnerabilities were found to affect over 1400 different product types, according to researchers

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us