Microsoft Introduces Enhanced Windows Protected Print Mode for Increased Security

Microsoft has revealed the introduction of Windows Protected Print Mode, a new feature that brings significant security enhancements to the Windows print system.
According to Johnathan Norman, the principal engineer manager at Microsoft Offensive Research & Security Engineering, WPP is built on the existing IPP print stack, supporting only Mopria certified printers and disabling the loading of third-party drivers.
Norman emphasized that such measures are crucial for enhancing print security in Windows, addressing vulnerabilities that have historically been exploited, as seen in incidents like Stuxnet and Print Nightmare.
The MORSE team conducted a comprehensive analysis of Windows Print-related cases reported to MSRC, revealing that Windows Protected Print Mode successfully mitigated over half of the vulnerabilities identified.
Once WPP becomes the default setting on all Windows systems, Microsoft plans to shift away from running the built-in Print Spooler service as SYSTEM. Instead, it will be launched as a restricted service, significantly reducing its access to resources and privileges.
This strategic move aims to diminish the appeal of the Spooler process as a potential target for exploitation.
In addition to changing the Spooler service configuration, Microsoft will eliminate various attack vectors previously exploited by malicious actors.
This includes the removal of RPC endpoints and legacy components that have been targeted in the past.
WPP will also introduce binary mitigations, such as Control Flow Enforcement Technology, Child Process Creation Disabled, Redirection Guard, and Arbitrary Code Guard, making exploitation more challenging.
When WPP mode is enabled, normal spooler operations will go through a new Spooler that incorporates multiple security improvements.
The goal is to provide users with the most secure default configuration while allowing flexibility to revert to legacy printing if compatibility issues arise.
Microsoft assures users that the implementation of WPP will not impact customers with older printers, as they can enable legacy support.
As part of a broader printer driver strategy, Microsoft announced the gradual discontinuation of third-party printer driver delivery through Windows Update.
Starting in 2025, driver submissions from printer vendors will be blocked, with a transition to prioritizing in-house Windows IPP Class drivers by 2026.
By 2027, Microsoft plans to cease distributing third-party printer driver updates via Windows Update, except for security fixes, while users can still install drivers from vendors' websites.
Norman emphasized that this move away from driver-based printing enables Microsoft to make meaningful improvements to the print system, addressing modern threats more effectively.


This Cyber News was published on www.cysecurity.news. Publication date: Tue, 19 Dec 2023 17:13:05 +0000


Cyber News related to Microsoft Introduces Enhanced Windows Protected Print Mode for Increased Security

Microsoft Introduces Enhanced Windows Protected Print Mode for Increased Security - Microsoft has revealed the introduction of Windows Protected Print Mode, a new feature that brings significant security enhancements to the Windows print system. According to Johnathan Norman, the principal engineer manager at Microsoft Offensive ...
1 year ago Cysecurity.news
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
Microsoft unveils new, more secure Windows Protected Print Mode - Microsoft announced a new Windows Protected Print Mode, introducing significant security enhancements to the Windows print system. Notably, once WPP rolls out and gets enabled by default on all Windows systems, Redmond will shift away from running ...
1 year ago Bleepingcomputer.com
Microsoft is working on a more secure print system for Windows - After announcing a gradual elimination of third-party printer drivers on Windows earlier this year, Microsoft has now unveiled its plan for enhancing security by introducting Windows Protected Print Mode. For years, the Windows print system has been ...
1 year ago Helpnetsecurity.com
Konica Minolta Wins Two Platinum 'ASTORS' Homeland Security Awards - ' Now in its ninth year, it continues to recognize industry leaders in physical and border security, cybersecurity, emergency preparedness management and response, law enforcement, first responders, and federal, state, and municipal government ...
9 months ago Americansecuritytoday.com
Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
10 months ago Bleepingcomputer.com
​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 - With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft Defender for ...
9 months ago Techcommunity.microsoft.com
Windows 11 24H2 now rolling out, here are the new features - Version 24H2 is now also accessible via Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Microsoft 365 admin center. Microsoft suggests that businesses start targeted rollouts to ensure ...
2 months ago Bleepingcomputer.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
11 months ago Microsoft.com
Microsoft is a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​ - We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management. 1 We believe our position in the Leaders quadrant validates our vision and continued ...
7 months ago Microsoft.com
Microsoft deprecates Defender Application Guard for Office - Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an ...
1 year ago Bleepingcomputer.com
​​Microsoft is a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms - It's no secret that ransomware is top of mind for many chief information security officers as the number of attacks has increased exponentially. Scaling device protection and security operations center efficiency by simplifying, automating, and ...
11 months ago Microsoft.com
Microsoft starts testing new Windows 11 Energy Saver feature - Microsoft has started testing a new Windows 11 Energy Saver feature that helps customers extend their portable computers' battery life. This new feature is currently available to Insiders in the Canary Channel who have installed Windows 11 Insider ...
1 year ago Bleepingcomputer.com
Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens - Vulnerability disclosure: Legal risks and ethical considerations for researchersIn this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in ...
1 year ago Helpnetsecurity.com
What Is Security Service Edge: All You Need to Know - Security service edge is a security technology that secures access to assets outside of the corporate network. Security service edge introduces a control that connects to remote users and assets before they connect to each other. All SSE tools borrow ...
6 months ago Esecurityplanet.com
Microsoft Will Charge for Windows 10 Security Updates in 2025 - All good things must come to an end, and a decade after its first release, Windows 10 will finally be sent to a farm upstate. It had a good run, though Microsoft plans to keep dropping security updates after the OS' demise on Oct. 14, 2025. Just be ...
1 year ago Packetstormsecurity.com
Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
1 year ago Bleepingcomputer.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
2 months ago Helpnetsecurity.com
Microsoft extends Windows Server 2012 ESUs to October 2026 - Microsoft provides three more years of Windows Server 2012 Extended Security Updates until October 2026, giving administrators more time to upgrade or migrate to Azure. The company also prolonged the end date for Windows Server 2012 and extended ...
1 year ago Bleepingcomputer.com
Microsoft Copilot for Security provides immediate impact for the Microsoft Defender Experts team - AI is quickly becoming a force multiplier-presenting significant opportunities for security teams to increase productivity, save time, upskill resources, and more. Microsoft Copilot for Security is already showing immediate impact for security teams ...
10 months ago Microsoft.com
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
7 months ago Blog.checkpoint.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
11 months ago Feeds.dzone.com
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
11 months ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)