Vulnerability Management and more

Channel address: @avleonovcom
Categories: Technologies, Blogs
Language: English
Subscribers: 1.79K
Description from channel

Vulnerability assessment, IT compliance management, security automation and other beautiful stuff. Discussion group for this channel: @avleonovchat. PM me @leonov_av

The latest Messages 13

2021-07-08 12:27:48 #PrintNightmare. Well, it seems like the best strategy for the servers is to still shut down the service:

"Mimikatz creator Benjamin Delpy said the problem relates to the Point and Print function, which is designed to allow a Windows client to create a connection to a remote printer with first requiring installation media.

That effectively means an authenticated user could still gain administrator-level privileges on a machine running the Print Spooler service to run arbitrary code.

Most concerning is that this vulnerability could put servers running Windows domain controllers at risk, effectively giving attackers the keys to the kingdom to compromise enterprise networks with ransomware or other malicious code."

And for desktops, additional hardening will be needed:

“Point and Print is not directly related to this vulnerability, but the technology weakens the local security posture in such a way that exploitation will be possible,” it admitted. “To disallow Point and Print for non-administrators make sure that warning and elevation prompts are shown for printer installs and updates.”
2021-07-07 09:59:55 Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability
#TheHackersNews

"Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability — known as "PrintNightmare" — that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems.
Tracked as CVE-2021-34527 (CVSS score: 8.8), the remote code execution flaw impacts all supported editions of Windows. Last week, the company warned it had detected active exploitation attempts targeting the vulnerability.
"The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows..."

http://feedproxy.google.com/~r/TheHackersNews/~3/zqxdnEaalJY/microsoft-issues-emergency-patch-for.html
2021-07-07 09:59:55 Finally!
2021-07-05 18:28:54 Hello guys! The second episode of Last Week’s Security news from June 28 to July 4
Video:


Text version: https://avleonov.com/2021/07/05/last-weeks-security-news-printnightmare-kaseya-intune-metasploit-docker-escape/
2021-07-05 18:27:08 Vote plz...
2021-07-04 18:31:29 Hi guys! I was on vacation this week. So I had time to work on my Vulristics project. For those who don’t know, this is a framework for prioritizing known CVE vulnerabilities. I was mainly grooming the HTML report. The main new feature is the tables of vulnerable products and types of vulnerabilities.
Video:


Text version: https://avleonov.com/2021/07/04/vulristics-html-report-update-table-for-products-table-for-vuln-types-and-prevalence/
2021-07-02 18:26:03 Vote plz...
2021-07-02 18:25:31 Hello, today I want to experiment with a new format. I will be reading last week’s news from my @avleonovnews channel, which I found the most interesting. I do this mostly for myself, but if you like it too, then that would be great. Video: https://www.y…
2021-07-02 16:36:51 The PrintNightmare continues: Microsoft confirms presence of vulnerable code in all versions of Windows
#TheRegisterNews

"Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as "PrintNightmare" and confirmed that the offending code is lurking in all versions of Windows.
The megacorp said it was still investigating whether the vulnerability was exploitable in every version, but domain controllers are indeed affected.
Microsoft also confirmed that this nasty was distinct from CVE-2021-1675, which was all about a different attack vector and a different vulnerability in RpcAddPrinterDriverEx(). The June 2021 Security update dealt with that, according to Microsoft,..."

https://www.theregister.com/2021/07/02/printnightmare_cve/
2021-07-02 16:36:51 Now MS has stated that "PrintNightmare" is a new vulnerability CVE-2021-34527 and they had no issues with the June patch. Okeey.