- Microsoft released June 8 update claiming to fix a printer security bug
- A security researcher believes that was their previously reported printer bug, releases a write up and PoC.
- Between June 9 and June 21, PrintNightmare was a known issue with no fix.
- An unsupported ACL mitigation started doing the rounds on social media. People quickly found out it broke a lot of stuff, and there have been plenty of reddit posts about random things not working. I had to revert this mitigation just to get last week's Exchange update to apply.
- A June 21 out of band update came out claiming to fix the issue, but the situation was complicated enough that people started building flow charts trying to decide what is/isn't vulnerable[0]
- Microsoft ships a July 13 update wherein this is finally properly patched, provided some registry keys are left at default
- The documentation originally published incorrect registry keys, causing confusion about whether people were vulnerable
- It's identified that several printer vendors, and even the Samba team, have recommended the "bad" options that make this update not work
- A new print spooler privesc comes out yesterday
It's been an incredible mess for an organisation to stay on top of and now I've got vulnerability assessments telling me I should be disabling print spoolers when every user ever expects to be able to print.
Probably the best action would be having someone in management owing you a favor, "Can you put out a notice saying the company is going green this month, so all printing is disabled?"
Microsoft is known for bad security practices, and even worse practices when it comes to rectifying consequences of such.
I bet with Windows Update being habitually turned off to prevent forced reboots, there will be a wave of exploitation when full details of the fix are analysed.
It's likely there are more Windows machines now which have autoupdate disabled because of forced reboots than the amount of machines with default settings.
The decision to add forced reboot was one in a line of many "shooting yourself in the foot" acts Microsoft did when it comes to software security.
It doesn't; the problem with auto-reboot is that it encourages people to disable auto-update because it is the easiest way to get rid of the auto-reboot.
"Normal" users cannot disable updates. The reason people complain about the updates and reboots they cannot stop is because it works. MS surely has tons of statistics about what percentage of users actually manage to run an outdated system.
So you wanna say you keep running Windows 7 because you don't have the tech skills to turn off updates in Win 10?
If that's the case I don't think there are many of you out there.
I run Win7 on hardware that can't run Win10 and I know people who run Win7 simply because they like it more.
A normal user can change the location of the "Program Files" directory in the registry to disable (really break with an unsearchable error message) Windows Update. Weird, but doesn't require an Enterprise version or anything.
I put "normal" into quotes because I specifically wanted to exclude anyone who is willing to tinker with the system, risking breaking things, or simply lacks the knowledge of how to do it or how to figure it out.
I'm fully aware that there are countless ways to stop windows from updating.
MS never attempted to make it super hard, just hard enough so that most of the people who absolutely should not turn it off are also unable to do so.
[0] https://twitter.com/StanHacked/status/1410922404252168196