10 comments

[ 3.0 ms ] story [ 36.2 ms ] thread
It doesn't say how this is exploited. Remotely? By having the user print something?
It says:

- affects print spooler service

- June patch day didn’t resolve the issue

- Local & remote privilege escalation via SMB

It is exploited by calling a remote procedure call function called rpcAddPrinterDriver. There is a buggy check that lets a user without the adequate privileges to load a driver on the remote system.

Since remote functions can be called locally as well, this is both a remote code execution (RCE) and local privilege escalation (LPE). For more information, see the original source: https://github.com/afwu/PrintNightmare

I strongly vote for HN to de-prioritize vice.com clickbait. Maybe have them start out at the bottom of the pile, and if the article is awesomesauce then people will upvote it?

Or maybe there is some client plugin to hide HN stories from certain domains? That would suffice too.

Wasn't that website founded by a white supremacist?
I'm no fan of the website, but I think you can do better than to just plop accusations out there without some kind of reference, or something to back it up. I mean, didn't 908B64B197 get indicted for embezzling from their employer last year?
Oh, a bug in the Windows printing subsystem!?! No way!

It's only been the buggiest shit for years, the bane of every IT person's existence. Microsoft had ignored this pain for so many years, and added layers and layers of cruft onto it...

This is what happens when you have blatantly buggy shit in your OS, and ignore it for years. I honestly think that if they had been working on fixing their shit print subsystem, and made it stable that exploits like this would have been far less likely.

I wonder what they will break when they patch it. The last year has seen a regular stream of problems related to printing on Windows.