Microsoft has announced Windows Protected Print Mode (WPP), a new feature that brings significant security enhancements to the Windows print system.
According to Johnathan Norman, the principal engineer manager at Microsoft Offensive Research & Security Engineering (MORSE), WPP is built on the existing IPP print stack, supports only Mopria-certified printers, and disables the loading of third-party drivers. Norman emphasized that such measures are crucial for enhancing print security in Windows, addressing vulnerabilities that have historically been exploited, as seen in incidents like Stuxnet and PrintNightmare.
The MORSE team conducted a comprehensive analysis of Windows Print-related cases reported to MSRC, revealing that Windows Protected Print Mode successfully mitigated over half of the vulnerabilities identified.
Once WPP becomes the default setting on all Windows systems, Microsoft plans to shift away from running the built-in Print Spooler service as SYSTEM. Instead, it will be launched as a restricted service, significantly reducing its access to resources and privileges. This strategic move aims to diminish the appeal of the Spooler process as a potential target for exploitation.
In addition to changing the Spooler service
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents