Microsoft's Flawed Patch to a Simple Exploit

Sean O'Shea
Jul 9, 2021
1 min read

Here's an update to last night's tip, which warned about the Printer Spooler vulnerability in Windows. Microsoft's fix has its own shortcomings.

Cybersecurity expert Will Dormann has warned that if the PointandPrint setting in the Registry Editor is set to 1, Microsoft's patch will not prevent remote code execution.

Because Microsoft's patch does not account for files referenced with Universal Naming Convention, it will not block remote files used for the exploit. UNC simply references a file with a path in this form:

\\server\share\path\filename

Recent Posts

See All

S.D.N.Y.: Cybersecurity Risks Don't Need to Be Articulated with Maximum Specificity

This month the S.D.N.Y. dismissed much of the SEC's fraud suit against the software developer SolarWinds Corp. The SAML certificate...

HIPS - Host-Based Intrusion Prevention System

HIPS software, Host-based Intrusion Prevention System, checks a server, computer, or workstation for events occurring on that host which...

Office 365's Poor Email Encryption Method

LITIGATION SUPPORT TIP OF THE NIGHT

New tips for paralegals and litigation support profesionals are posted to this site each week. Click on the blog headings for better detail.

See How-To Videos on my YouTube channel.

Microsoft's Flawed Patch to a Simple Exploit

Recent Posts