Η Microsoft κυκλοφόρησε σήμερα μια ενημέρωση security which changes the default behavior of the “Point and Print” feature to fix a serious security flaw that was disclosed last month.
Point and Print was first added to Windows 2000, and works by connecting a print server to download and install the necessary print drivers each time a user creates a connection to a remote printer without having the drivers.
Earlier this year, Jacob Baines, a reverse engineer at Dark Wolf Solutions, found that malicious users inside a company's network could abuse the modeς Point and Print για να τρέξουν έναν κακόβουλο διακομιστή printingς και να αναγκάσουν τα συστήματα των Windows να κάνουν λήψη και εγκατάσταση κακόβουλων drivers.
Δεδομένου ότι το Point and Print λειτουργούσε με προνόμια SYSTEM, η λειτουργία έδινε στους κακόβουλους χρήστες (πολύ εύκολα) το right να αποκτήσουν προνόμια διαχειριστή σε οποιοδήποτε μεγάλο εταιρικό ή κυβερνητικό δίκτυο.
Microsoft initially tried to fix the issue that it documented as CVE-2021-34481 last month, but the updates were incomplete.
Σήμερα, η εταιρεία ακολούθησε μια άλλη προσέγγιση. Δεδομένου ότι το κενό ασφαλείας εκμεταλλεύεται ένα σχεδιαστικό ελάττωμα, η Microsoft επέλεξε να αλλάξει την προεπιλεγμένη συμπεριφορά της operation Point and Print.
While to date, any user could add a new printer to a Windows computer, Microsoft says that after Patch Tuesday, only administrators will be able to add or update a printer with drivers from a remote print server.
"This change will take effect with the installation of security updates released on August 10, 2021, for all supported versions of Windows," Microsoft said today.
"This change may affect Windows print clients in scenarios where underprivileged users could add or update printers. However, we firmly believe that the security risk justifies this change ", the company continues.
For companies and users who do not want to block printer installations within their networks, Microsoft a registry key was also released allowing the old behavior.
However, Microsoft warns of the dangers:
Disabling this update will expose your environment to publicly known vulnerabilities in Windows Print Spooler, and we encourage administrators to assess their security needs before taking on this responsibility.
