Microsoft has released today a security update that will change the default behavior of the “Point and Print” feature to mitigate a severe security issue disclosed last month. From a report: First added in Windows 2000, the Point and Print feature works by connecting to a print server to download and install necessary print drivers every time a user creates a connection to a remote printer without providing installation media. Earlier this year, Jacob Baines, a reverse engineer for Dark Wolf Solutions, found that threat actors inside a company’s network could abuse the Point and Print feature to run a malicious print server and force Windows systems to download and install malicious drivers.
Since Point and Print ran with SYSTEM privileges, the feature effectively provided threat actors with an easy way to gain admin rights inside any large corporate or government network. Microsoft initially tried to patch the issue — tracked as CVE-2021-34481 — last month, but the patches were deemed incomplete. Today, the company took another approach. Since the vulnerability is exploiting a design flaw, Microsoft chose today to change the default behavior of the Point and Print feature.
Read more of this story at Slashdot.