On July 6th, Microsoft released an out-of-band patch to address CVE-2021-34527. Within hours, however, security researchers had found flaws in its methods that allow continued RCE and LPE exploitation, and a module verifying the findings has been added to the popular tool Mimikatz. The issue lies with a Microsoft policy, "Point and Print": when it is enabled, malicious drivers can be installed. The bypass is reported to work on Windows 7, 8, 8.1, 2008, and 2012, whereas 2016, 2019, and 10 require Point and Print to be configured for RCE to be possible. While Microsoft works on a fix, it has published a workaround explaining another path to mitigation.