Windows print nightmare continues with malicious driver packages


BleepingComputer 15 July, 2021 - 01:57pm 2 views


Microsoft has addressed the Windows 10 printing issues caused by changes introduced in the June 2021 cumulative update preview with an update issued during this month's Patch Tuesday.

After releasing the KB5004760 and KB5004945 security updates on July 7 to fix the actively exploited PrintNightmare vulnerability, Microsoft acknowledged user reports saying they could no longer use their USB Zebra and Dymo label and receipt printers.

While users pinned the issues on the PrintNightmare patch, Microsoft announced that the problems are "not related to CVE-2021-34527 or CVE-2021-1675," and were the result of June 2021 cumulative update preview changes.

To resolve the printing issues, Microsoft released an emergency fix for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1 on July 9, rolling it out via the Known Issue Rollback (KIR) feature.

Redmond also added that "for enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy."

To provide a fix for customers who do not want or can't use KIR to resolve these printing problems, Microsoft also released the KB5004237 update as part of the July 2021 Patch Tuesday.

"This issue was resolved in KB5004237, released July 13, 2021. If you are using an update released before July 13, 2021, you can resolve this issue using Known Issue Rollback (KIR)," Microsoft said in a new update to the Windows release health dashboard.

"This issue affects various brands and models, but primarily receipt or label printers that connect using a USB port. After installing this update, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue."

Customers also encountered printing issues in March after installing the March 2021 Patch Tuesday updates. Users reported that Windows 10 would crash when printing, or that print jobs would come out with missing graphics elements, blank pages, or other issues.

To resolve these issues, Microsoft released two out-of-band emergency updates for Windows 10 one week later: KB5001567 on March 15 to fix the crashes and KB5001649 on March 18 to fix the printing issues.


Microsoft Issues Serious Windows 10 Upgrade Warning

Forbes 16 July, 2021 - 06:10am

The warning is in response to ‘PrintNightmare’, a critical zero-day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges (the ultimate goal for attacks). Now Microsoft has issued a series of fixes which, while flawed, are essential updates for all Windows users.

“We recommend that you install these updates immediately,” states Microsoft. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”

And when I say “all Windows users”, Microsoft has gone so far as to provide fixes for eight versions of Windows 10 as well as Windows Server (2019, 2016, 2012 and 2008), Windows 8.1 and even Windows 7, for which support officially ended last year. You can find guides for each of these platforms below:

You can also find fixes for the PrintNightmare vulnerability within Windows itself by following these steps:

Be warned, however, this is not the end. As BleepingComputer points out, the fix is “incomplete” and you will need a further unofficial fix from popular security specialist 0patch to be truly secure. Expect Microsoft to release the necessary additional fixes soon, but 0patch has your back in the meantime.

Why has PrintNightmare been so damaging? Because it was an accident. Security researchers accidentally published their proof-of-concept (PoC) exploit online, which meant Microsoft was caught completely off guard and hackers were spoonfed all the information required to start taking advantage of Windows computers around the world.

Furthermore, PrintNightmare attacks enable hackers to do whatever they want with your Windows system via remote code execution. This includes installing programs, modifying data and creating new accounts with full administration rights over your computer. 

I expect the repercussions of PrintNightmare will run and run. 

Microsoft extends security updates for Windows and SQL Server 2012 and 2008

The Register 16 July, 2021 - 06:10am

Microsoft has announced Extended Security Updates for Windows Server 2008 and 2012, and for SQL Server 2012 – and made it free if you run them in its Azure cloud.

The current extended support offering for Windows Server 2012 and 2012 R2 ends on October 10, 2023. However, Monojit Bhattacharya, a product management leader for Azure and member of Microsoft’s Windows Server Team, has revealed that Redmond is offering “Extended Security Updates” for three years.

SQL Server 2012, for which extended support ends on July 12, 2022, has also been given an extra three years of security updates.

Microsoft’s made this an offer that’s hard to resist by making it free – if users move their workloads into Azure. They also must apply the Azure Hybrid Benefit – a scheme that allows use of on-prem licences acquired under Software Assurance.

Azure Hybrid Benefit includes lower Azure prices than are available with other offers. Microsoft seldom tires of pointing out that the Benefit therefore makes Azure the cheapest place to run Windows Server and SQL Server in the cloud.

If you persist in running on-prem, Microsoft will ramp the price of the extended update offering. In year one it’ll cost three quarters of your licence costs, in year two the price will be at parity, and in year three Extended Security Updates will cost 125 per cent of the license cost.

Windows Server 2008 and SQL Server have also been given a little extra love, with one more year of updates offered – but only in Azure.

SQL Server and Windows Server 2008 and 2008 R2 Extended Security Updates are currently scheduled to end on July 9, 2022, and January 14, 2023, respectively.

News of the Extended Security Updates was revealed at Microsoft’s partner centric “Inspire” virtual gabfest which, in addition to the announcement of cloudy Windows 365 desktops, saw Redmond reveal:


Microsoft shares guidance on new Windows Print Spooler vulnerability

BleepingComputer 16 July, 2021 - 06:10am


Microsoft is sharing mitigation guidance on a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed tonight.

Microsoft released an advisory Thursday night for a new CVE-2021-34481 elevation of privilege vulnerability in the Windows Print Spooler that Dragos security researcher Jacob Baines discovered.

Unlike the recently patched PrintNightmare vulnerability, this vulnerability can only be exploited locally to gain elevated privileges on a device.

"The attack is not really related to PrintNightmare. As you know, PN can be executed remotely and this is a local only vulnerability," Baines confirmed to BleepingComputer.

Not much is known at this time about the vulnerability, including what versions of Windows are vulnerable.

However, Baines did share with BleepingComputer that it is printer driver-related.

Baines will be sharing more information about CVE-2021-34481 on August 7th during a DEF CON talk titled "Bring Your Own Print Driver Vulnerability."

While Microsoft has not released security updates to address this flaw, they have provided mitigation measures that admins can use to block attackers from exploiting the vulnerability.

At this time, the available option is to disable the Print Spooler service on a vulnerable device.

If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:

It is important to note that if you disable the print spooler on a device, the device will no longer print to a local or remote printer.
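The commands the article refers to are not reproduced on this page. The script below is an added example, not Microsoft's or BleepingComputer's text: it stops and disables the Spooler service with standard PowerShell cmdlets, saves the previous configuration so printing can be restored once a patch is installed, and verifies the result. The `-Restore` switch and the `$StateFile` path are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: disable the Print Spooler as a mitigation and keep a record for rollback.
# $StateFile is a hypothetical path chosen for this example.
param(
    [switch]$Restore,
    [string]$StateFile = "$env:ProgramData\spooler-mitigation-state.json"
)

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
if (-not $svc) { throw 'Print Spooler service (Spooler) not found on this host.' }

if ($Restore) {
    # Put the service back the way it was before the mitigation was applied.
    if (-not (Test-Path $StateFile)) { throw "No saved state at $StateFile." }
    $saved = Get-Content $StateFile -Raw | ConvertFrom-Json
    # Win32_Service reports 'Auto'; Set-Service expects 'Automatic'.
    $startup = if ($saved.StartMode -eq 'Auto') { 'Automatic' } else { $saved.StartMode }
    Set-Service -Name Spooler -StartupType $startup
    if ($saved.State -eq 'Running') { Start-Service -Name Spooler }
    Remove-Item -Path $StateFile
}
else {
    # Record the current configuration once, so a second run does not
    # overwrite the saved state with 'Disabled'.
    if (-not (Test-Path $StateFile)) {
        $svc | Select-Object Name, StartMode, State |
            ConvertTo-Json | Set-Content -Path $StateFile -Encoding UTF8
    }
    Stop-Service -Name Spooler -Force      # -Force also stops dependent services
    Set-Service -Name Spooler -StartupType Disabled
}

# Verify the outcome instead of assuming it.
$now = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
[pscustomobject]@{
    Computer  = $env:COMPUTERNAME
    StartMode = $now.StartMode
    State     = $now.State
    Mitigated = ($now.StartMode -eq 'Disabled' -and $now.State -eq 'Stopped')
}
```

Run it from an elevated prompt; the final object reports `Mitigated = True` only when the service is both stopped and set to Disabled, which is the state the mitigation calls for.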
