Newsletter Archives

  • MS-DEFCON 2: Microsoft and compliance

    alert banner

    ISSUE 21.06.1 • 2024-02-08


    By Susan Bradley

    An international company must deal with the jurisdictions in which it operates. Microsoft is no different.

    February is always marked on my calendar as the month in which Microsoft is back in full force, holidays behind them. That means we’ll see a rash of updates. I’m raising the MS-DEFCON level to 2 as a result.

    Some of those updates will deal with the requirements of the Digital Markets Act (DMA) in the European Economic Area (EEA). Microsoft published a post in the Windows blog on this subject. The necessary changes to bring Windows into compliance will be dribbling out until the deadline — March 6, 2024 — and will be seen in updates to Windows 10 22H2 and Windows 11 23H2.

    Anyone can read the full MS-DEFCON Alert (21.06.1, 2024-02-08).

  • Out of band for Print Nightmare is out

    Remember the print nightmare post from the other day?  Microsoft has released out of band updates to fix the issue.

    “CVE updated to announce that Microsoft is releasing an update for several versions of Window to address this vulnerability. Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012. Security updates for these versions of Windows will be released soon. Other information has been updated as well. This information will be updated when more information or updates are available”

    If you are a home user, I don’t see a need to rush this patch on. If you are a MSP or IT professional, and you haven’t already disabled the print spooler on your domain controllers – look for these updates. ( I don’t think they’ve been fully posted yet)

    “Prior to installing the July 6, 2021, and newer Windows Updates containing protections for CVE-2021-34527, the printer operators’ security group could install both signed and unsigned printer drivers on a printer server. After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.”

    Edit on 7/7/2021:  Seeing it start to trend that Zebra label printers can’t print after installing this update.  I’m going to flip DefCon to 2 to be safe.

    Edit on 7/7/2021 12:10:  Lawrence from Bleepingcomputer indicates that the patch doesn’t fully protect from “local privilege esPrintNightmare calation” attacks.  If you have enabled any “Point and print” options you may still be vulnerable even with the update installed.  “To bypass the patch and achieve RCE and LPE, a Windows policy called ‘Point and Print Restrictions’ must be enabled, and the “When installing drivers for a new connection” setting configured as “Do not show warning on elevation prompt.”  Note I have not done this on any local printer or network printer under my control – so my guess is that most of us won’t have to worry about this corner case.

    Edit 7/10/2021: Microsoft is saying that the issue with usb based label printers (Zebra and Duo) isn’t caused by this specific update but from earlier updates and we just didn’t realize it. They have implemented the “known issue rollback” process where the non security bits causing the issue are automatically rolled back.