Microsoft's Flawed Patch to a Simple Exploit

Here's an update to last night's tip, which warned about the Printer Spooler vulnerability in Windows. Microsoft's fix has its own shortcomings.


Cybersecurity expert Will Dormann has warned that if the PointandPrint setting in the Registry Editor is set to 1, Microsoft's patch will not prevent remote code execution.




Because Microsoft's patch does not account for files referenced with Universal Naming Convention, it will not block remote files used for the exploit. UNC simply references a file with a path in this form:


\\server\share\path\filename