Microsoft's Flawed Patch to a Simple Exploit
- Sean O'Shea
- Jul 9, 2021
- 1 min read
Here's an update to last night's tip, which warned about the Printer Spooler vulnerability in Windows. Microsoft's fix has its own shortcomings.
Cybersecurity expert Will Dormann has warned that if the PointandPrint setting in the Registry Editor is set to 1, Microsoft's patch will not prevent remote code execution.

Because Microsoft's patch does not account for files referenced with Universal Naming Convention, it will not block remote files used for the exploit. UNC simply references a file with a path in this form:
\\server\share\path\filename
Recent Posts
See AllThis month the S.D.N.Y. dismissed much of the SEC's fraud suit against the software developer SolarWinds Corp. The SAML certificate...
HIPS software, Host-based Intrusion Prevention System, checks a server, computer, or workstation for events occurring on that host which...