 I'm here from Lawrence systems, and I'm trying to figure out the right adjective to use to describe What's going on with the print nightmare? Should I say that Microsoft bungled it? Did they just screw it up? I don't know what the proper terms are to really and fully describe the extent of this problem But I don't want to detract from the facts here that Microsoft's Incomplete print nightmare patch fails to fix this vulnerability. Yes, the company that has pretty much a lock on the desktops It's what we have to support from an IT standpoint and they are worth two trillion dollars But somehow do not have the resources to properly fix the print spooler This is also partly due because one secure coding is really hard. I'm not saying it's not But it also is the long tail of legacy which we call technical debt Which means this print spooler probably still has some old dusty code that was from forever ago That it was based on and then we you know have brought it forward all the way to Windows 10 And of course some of these vulnerabilities that believe it was pointed out work perfectly fine in Windows 11 So for anyone that's wondering if Windows 11 will save us. No, it's just a prettier face on Windows 10 Researchers have bypassed Microsoft's emergency patch for print nightmare vulnerability to achieve remote code execution and local privilege escalation With the official fix installed and yes, this is July 8th of 2021 the official patch was released yesterday July 7th of 2021 and Even the government had to send out a notice print nightmare critical windows prints spooler vulnerabilities And these are some of the updates from when there was mitigations that by the way, thanks and my Absolute, you know can't express my gratitude to the security community enough for really jumping on this I can certainly shame Microsoft for not being the leader of The pack here of telling us what to do But the security community worked on it looked at how the exploit worked and came up with Mediations that we pushed to our clients until Microsoft could come up with a patch and then they released it there out of band security updates and Right here the Microsoft update CVE 2021 34527 only appears to address remote code Exegution via RCE the SMB and RPC variants of the print nightmare and not the local privilege escalation variant That's where things get a little bit fuzzy and let's roll back real quick though to the original tweets And when the original researchers had published this apparently Microsoft didn't listen to them or fully Understand what they were submitting to them with proper vulnerability disclosure processes and saying what was wrong with the print spooler So Microsoft's you know first patch didn't work their next patch They release didn't work and the security researchers have just been tweeting away and coordinating with each other to try to get this sorted out This does include showing this right here, which I'd retweeted the other day where they even added a new function of Mimi cats to Normalize bypassing checks with UNC to get around the format. So yes, they can just keep doing it By the way, if you click this get public I believe it still takes you to a secure Google warning page because the person posted how the exploit code works and This is just absolute mumbling the Further craziness that I was like dumbfounded by is the fact that will dormant here had put out and I'll leave links to all this So you can look at the flow chart of exactly how the system works now This is where some of that confusion comes in and I'll zoom in a little bit here cert believes Microsoft states and this is where some of those problems are apparently when you loaded the patch you had to set the point and print update prompt settings and This determines whether or not you're vulnerable and unfortunately Microsoft chose not to set them So this is where there's a lot of confusion and I just can't believe Microsoft didn't test this I was not saying that I can write secure code and you know I'm just some armchair guy saying it some but I am looking at a company that has a pretty massive set of resources and Unfortunately through circumstances that led up to where we are in technology today Pretty much everyone has to use the Windows desktop because that's where most of software runs that being said it's not like we can just go I'm done with this Microsoft principle or I'm gonna use the competing desktop product, but there's not one so Microsoft and the wealth they built from becoming number one should at least be dedicated towards supporting this in a better way Rather than me having to spend time as so many other IT people are trying to sort out exactly what we need to do to keep our Clients protected from a company that we well all give money to to keep us up-to-date on their products So I believe links all this and of course the bleeping computer article that breaks down things a few more details of the history of it because the mistake of people thinking it was fixed the first time is what led to another security researcher independently releasing some of their proof of concept code and of course that proof of concept code works when the security Problem is not remediated properly therefore This is already out in the wild and being exploited the good news is as I said the Bleeping a Peter Oracle you can just read through this and get an idea exactly what needs to be changed I actually think this full chart was actually really helpful to understand where this is a problem and whether or not it's local or Remotely exploitable and the remotely exploitable part is a little bit harder It depends on whether or not you have like your firewall disabled or weekend and things like that But please read through this like I said leave links as you can follow along and determine where your risk factor is for this How to mitigate it and yes, I mean you should load the patch even though the patch doesn't fully mitigate it You load the patch and have to change from registry setting So it's not like the patch breaks that I at least so far that we've rolled it out to I've only seen minor reports If it causing blue screens trying to load the patch for some printer models We're just gonna have to deal with that because it's better to patch than not to patch But it's patch plus change registry settings to get everything from the default to The proper settings and hopefully Microsoft in the future does a better job of this because it's never good when the government has to point out That your patches are incomplete along with all the security researchers and everything else All right, I'll leave links to all this down below and thanks And thank you for making it to the end of this video if you enjoyed this content Please give it a thumbs up if you like to see more content from this channel Hit the subscribe button and the bell icon to hire a sure project head over to Lawrence systems calm and click on the Hire us button right at the top to help this channel out in other ways There's a join button here for YouTube and a patreon page where your support is greatly appreciated For deals discounts and offers check out our affiliate links in the descriptions of all of our videos including a link to our shirt store We have a wide variety of shirts and new designs come out. Well randomly, so check back frequently And finally our forums forums that Lawrence systems commas where you can have a more in-depth discussion about this video and other tech topics covered on this channel Thank you again, and we look forward to hearing from you in the meantime check out some of our other videos