The PrintNightmare vulnerability has indeed proven to be a nightmare for Microsoft, and it is one that shows no signs of ending. Security researchers have discovered another method to exploit the Windows spooler vulnerability, making it possible for anyone to gain administrator privileges.
The latest method is to create a remote print server and connect to it. This causes Windows to install a driver that requires loading a DLL with system privileges, a fact that can be exploited to start an elevated command prompt. The attack works even on a fully patched and updated copy of Windows 10 21H1.
This latest exploitation technique was discovered and shared by security researcher Benjamin Delpy. It takes advantage of the fact that Windows is very accommodating when it comes to installing drivers from remote print servers, and because these drivers run with system privileges, attackers have an entry point.
Delpy tweeted details of the method and detailed how to mitigate it:
He also shared a video demonstrating the exploit in action:
While Microsoft has yet to comment on this latest exploit, Delpy says he is asking the company to “set some priorities” to find a solution.
Meanwhile, there are several mitigations, none of which are ideal. Details are available at CERT.