Fix for PrintNightmare CVE-2021-1675 exploit to keep your Print Servers running PATCH AVAILABLE
Quote from mpca on 1 July 2021, 17:30
MS Patch published
https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004945
https://stadt-bremerhaven.de/printnightmare-microsoft-veroeffentlicht-out-of-band-update/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+stadt-bremerhaven%2FdqXM+%28Caschys+Blog%29
Emergency update closes PrintNightmare vulnerability in Windows (6 July 2021)
https://www.borncity.com/blog/2021/07/07/notfall-update-schliet-printnightmare-schwachstelle-in-windows/
PrintNightmare emergency update also for Windows Server 2012 and 2016 (7 July 2021)
https://www.borncity.com/blog/2021/07/08/printnightmare-notfall-update-auch-fr-windows-server-2012-und-2016/
https://www.heise.de/news/Notfallpatch-Microsoft-schliesst-PrintNightmare-Luecke-in-Windows-6130503.html?wt_mc=rss.red.ho.ho.atom.beitrag.beitrag
The patch alone is not enough:
https://www.heise.de/news/Windows-Update-unvollstaendig-Sicherheitsforscher-umgehen-PrintNightmare-Patch-6131519.html?wt_mc=rss.red.ho.ho.atom.beitrag.beitrag
https://stadt-bremerhaven.de/printnightmare-microsoft-veroeffentlicht-weiteres-support-dokument/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+stadt-bremerhaven%2FdqXM+%28Caschys+Blog%29
https://www.golem.de/news/windows-10-kb5004945-microsofts-printnightmare-patch-macht-drucker-unbenutzbar-2107-158020.html
Point and Print:
https://www.borncity.com/blog/2021/07/19/printnightmare-point-and-print-erlaubt-die-installation-beliebiger-dateien/
####################################################################################
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allows-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-1675/
https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/
For all who are not allowed to run PS Script, with Windows CLI it works this way:
Saves the ACL of the folder in an ACL File on C:\
icacls c:\Windows\System32\spool\drivers\ /save AclFile /T /C /L /Q
blocks access for User SYSTEM
icacls c:\Windows\System32\spool\drivers\ /deny SYSTEM:(CI)(OI)(M)
deletes the block for User SYSTEM
icacls c:\Windows\System32\spool\drivers\ /remove:d SYSTEM
Recovers the saved ACL from the ACL file on C:\
icacls c:\ /restore AclFile /T /C /L /Q
https://www.heise.de/news/PrintNightmare-Schadcode-Luecke-in-Windows-bedroht-ganze-Netzwerke-6124838.html
The 0Patch solution for PrintNightmare
0Patch micropatches for PrintNightmare vulnerability (CVE-2021-34527)
https://www.borncity.com/blog/2021/07/03/0patch-micropatches-fr-printnightmare-schwachstelle-cve-2021-34527/
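To check whether the SYSTEM deny entry set by the icacls commands above is in place on a server or has been removed again, the output of `icacls c:\Windows\System32\spool\drivers\` can be parsed. This is an added example, not part of the original post: the function names and the sample output are constructed, and the `principal:(flags)(rights)` line layout of English icacls output is an assumption.

```python
import re

# One ACE as icacls prints it (assumed layout): "<principal>:(flag)(flag)...(rights)"
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([A-Za-z,]+\))+)$")

def parse_aces(icacls_output, path):
    """Yield (principal, tokens) for each ACE line in `icacls <path>` output."""
    prefix = path.rstrip("\\").lower()
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(prefix):   # first ACE shares a line with the path
            line = line[len(prefix):].lstrip("\\ ")
        m = ACE_RE.match(line)
        if m:                                 # blank and status lines do not match
            groups = re.findall(r"\(([A-Za-z,]+)\)", m.group("flags"))
            yield m.group("who"), {t for g in groups for t in g.split(",")}

def system_deny_state(icacls_output, path):
    """'blocked': deny M/F for SYSTEM that is inherited by files and subfolders;
    'partial': such a deny exists but lacks (OI) or (CI); 'absent': no such deny."""
    state = "absent"
    for who, tokens in parse_aces(icacls_output, path):
        name = who.upper()
        if not (name == "SYSTEM" or name.endswith("\\SYSTEM")):
            continue
        if "DENY" in tokens and tokens & {"M", "F"}:
            if {"OI", "CI"} <= tokens:
                return "blocked"
            state = "partial"
    return state

DRIVERS = r"c:\Windows\System32\spool\drivers"

# Constructed sample output (not captured from a real server).
WITH_BLOCK = r"""
c:\Windows\System32\spool\drivers\ NT AUTHORITY\SYSTEM:(OI)(CI)(DENY)(M)
                                   NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                   BUILTIN\Administrators:(OI)(CI)(F)
                                   BUILTIN\Users:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""
WITHOUT_BLOCK = WITH_BLOCK.replace(
    "NT AUTHORITY\\SYSTEM:(OI)(CI)(DENY)(M)", "CREATOR OWNER:(OI)(CI)(IO)(F)")

if __name__ == "__main__":
    print(system_deny_state(WITH_BLOCK, DRIVERS))
    print(system_deny_state(WITHOUT_BLOCK, DRIVERS))
```

An allow entry for SYSTEM never counts as a block; only a deny entry covering Modify or Full control does.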