{"id":224458,"date":"2023-02-01T09:35:00","date_gmt":"2023-02-01T06:35:00","guid":{"rendered":"https:\/\/geek.mediadoma.com\/?p=224458"},"modified":"2023-02-01T09:38:07","modified_gmt":"2023-02-01T06:38:07","slug":"printnightmare-lever-vidare-tack-vare-ransomware-angripare","status":"publish","type":"post","link":"https:\/\/geek.mediadoma.com\/sv\/printnightmare-lever-vidare-tack-vare-ransomware-angripare\/","title":{"rendered":"PrintNightmare Lives On Thanks to Ransomware Attackers"},"content":{"rendered":"<p><a href=\"https:\/\/www.shutterstock.com\/image-photo\/computer-programmer-hacker-prints-code-on-1166453734\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">JARIRIYAWAT \/ Shutterstock.com<\/a><\/p>\n<p>Despite Microsoft's <a href=\"https:\/\/geek.mediadoma.com\/sv\/microsofts-janky-printnightmare-patch-inaktiverar-vissa-skrivare\/\" title=\"many attempts\">many attempts<\/a> to <a href=\"https:\/\/geek.mediadoma.com\/sv\/uppdatering-det-fungerar-inte-uppdatera-din-windows-dator-nu-foer-att-korrigera-saarbarheten-i-printnightmare\/\" title=\"successfully patch\">successfully patch<\/a> PrintNightmare, it is still not over. Now another Windows 10 PrintNightmare Print Spooler vulnerability has been disclosed, and it is <a href=\"https:\/\/www.windowscentral.com\/windows-10-printnightmare-isnt-over-after-all-and-ransomware-attackers-are-taking-note\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">attracting<\/a> ransomware attackers looking for easy access to system privileges.<\/p>\n<p>Microsoft released several patches during July and August to address the vulnerability and adjusted the process by which users can install new printer drivers. 
However, researchers <a href=\"https:\/\/vimeo.com\/578617278\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">still found a workaround<\/a> to launch an attack through a newer Print Spooler vulnerability, dubbed CVE-2021-36958.<\/p>\n<p>In <a href=\"https:\/\/click.linksynergy.com\/deeplink?id=2QzUaswX1as&amp;mid=24542&amp;u1=rg\/94848&amp;murl=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fvulnerability%2FCVE-2021-36958\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">a post<\/a> in the Microsoft Security Response Center, Microsoft describes the vulnerability: &quot;A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.&quot;<\/p>\n<p>Microsoft also lists the workaround for the vulnerability as &quot;stopping and disabling the Print Spooler service.&quot; The attacker will need administrator privileges to install the necessary printer drivers; however, if a driver is already installed, such privileges are not needed to connect a printer. 
Moreover, drivers on clients are not required to be installed, so the vulnerability remains, well, vulnerable in any case where a user connects to a remote printer.<\/p>\n<p>Ransomware attackers are, naturally, taking full advantage of the exploit, according to <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-confirms-another-windows-print-spooler-zero-day-bug\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">Bleeping Computer<\/a>. Magniber, a ransomware group, was <a href=\"https:\/\/www.crowdstrike.com\/blog\/magniber-ransomware-caught-using-printnightmare-vulnerability\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">recently reported by CrowdStrike<\/a> to have been caught attempting to exploit the unpatched vulnerabilities against South Korean victims.<\/p>\n<p>There is no word yet, from Microsoft or elsewhere, on whether the PrintNightmare vulnerability is in hand at all. 
In fact, <a href=\"https:\/\/www.crowdstrike.com\/blog\/magniber-ransomware-caught-using-printnightmare-vulnerability\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">CrowdStrike estimates<\/a> &quot;that the PrintNightmare vulnerability coupled with the deployment of ransomware will likely continue to be exploited by other threat actors.&quot;<\/p>\n<p>via <a href=\"https:\/\/www.windowscentral.com\/windows-10-printnightmare-isnt-over-after-all-and-ransomware-attackers-are-taking-note\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">Windows Central<\/a><\/p>\n<p><div id=\"PostUnique_PostSource\" style=\"padding-top: 50px\">Source:  <a target=\"_blank\" rel=\"noopener nofollow\" href=\"\/\/www.reviewgeek.com\" class=\"external external_icon\">www.reviewgeek.com<\/a><\/div><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Despite Microsoft's many attempts to successfully patch PrintNightmare, it is still not over. 
Now another Windows 10 PrintNightmare Print Spooler vulnerability has been disclosed, and it is attracting ransomware attackers looking for easy access to system privileges.<\/p>\n","protected":false},"author":1,"featured_media":152862,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wp_rev_ctl_limit":""},"categories":[741,741,730,730,759,759],"tags":[],"class_list":["post-224458","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-diverse","category-nyheter","category-sakerhet"],"_links":{"self":[{"href":"https:\/\/geek.mediadoma.com\/sv\/wp-json\/wp\/v2\/posts\/224458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/geek.mediadoma.com\/sv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/geek.mediadoma.com\/sv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/geek.mediadoma.com\/sv\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/geek.mediadoma.com\/sv\/wp-json\/wp\/v2\/comments?post=224458"}],"version-history":[{"count":0,"href":"https:\/\/geek.mediadoma.com\/sv\/wp-json\/wp\/v2\/posts\/224458\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/geek.mediadoma.com\/sv\/wp-json\/wp\/v2\/media\/152862"}],"wp:attachment":[{"href":"https:\/\/geek.mediadoma.com\/sv\/wp-json\/wp\/v2\/media?parent=224458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/geek.mediadoma.com\/sv\/wp-json\/wp\/v2\/categories?post=224458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/geek.mediadoma.com\/sv\/wp-json\/wp\/v2\/tags?post=224458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}