PrintNightmare Vulnerability Gets Third-Party Patch

A new unofficial patch has been released for CVE-2021-34527, better known as PrintNightmare. PrintNightmare was previously thought to be an extension of CVE-2021-1675, but Microsoft has clarified that it actually exploits a different vulnerability within RpcAddPrinterDriverEx(). Microsoft still maintains that CVE-2021-1675 was remediated by the June 8th, 2021 security update. While Microsoft continues to investigate PrintNightmare, no official patch has been released; however, third-party vendor 0patch has released its own free “micropatch.” 0patch is normally a paid (for enterprise) service that releases targeted “micropatches” to fix vulnerabilities and to support older, end-of-life Windows operating systems. In the blog post introducing the patch, 0patch also notes that although additional attack vectors have been discovered since the initial release of the PrintNightmare exploit, its patch still defends against the currently known exploitation methods.

Analyst Notes

0patch micropatches are unofficial and not supported by Microsoft, though they may be a viable option for some organizations while Microsoft continues to investigate. 0patch has released its patch for Windows 10 (1909, 2004, 20H2), Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019, and notes that additional patches may be released if new variations of the exploit warrant them. Binary Defense highly recommends reading Microsoft’s notice for PrintNightmare and following its mitigation advice if it is not possible to take advantage of the temporary 0patch solution. Binary Defense also highly recommends creating and following a regular patch schedule that allows time for testing before patches are deployed across the organization.

https://blog.0patch.com/2021/07/free-micropatches-for-printnightmare.html

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527