Microsoft is working on a more secure print system for Windows

After announcing a gradual elimination of third-party printer drivers on Windows earlier this year, Microsoft has now unveiled its plan for enhancing security by introducting Windows Protected Print Mode.
For years, the Windows print system has been a key target for attackers because the Windows Print Spooler service/process has high privileges that can be exploited to execute malicious files.
Vulnerabilities affecting the service have been regularly discovered by researchers and attackers.
Driver compatibility is also an issue since old ones are often not compatible with modern Microsoft's security features such as Control Flow Guard, Control Flow Enforcement Technology, Arbitrary Code Guard, and more.
Finally, when a vulnerability is discovered in a driver, Microsoft is dependent on the third-party to update the driver.
Windows Protected Print Mode, for now limited to Windows Insiders, only supports Mopria-certified printers and disables third-party printer drivers.
Eliminate legacy configurations that allowed attackers to abuse printer ports as Dynamic Link Libraries and load malicious code.
Update legacy APIs to reduce the opportunity for attackers to use the Spooler to modify files on the system.
Allow only Microsoft Signed binaries required for the internet printing protocol to be loaded.
Run XPS rendering as the user instead of SYSTEM, to minimize the impact of memory corruption vulnerabilities.
Move common Spooler tasks to a process running as the user Remove third-party binaries to enable Microsoft's aforementioned binary mitigations Prevent Point and Print from installing third-party drivers, reducing the risk of attackers pretending to be printers and tricking users into installing malicious drivers.
Inform users when their print traffic is encrypted and encourage them to enable encryption when it's not.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Mon, 18 Dec 2023 14:28:05 +0000


Cyber News related to Microsoft is working on a more secure print system for Windows

Microsoft Introduces Enhanced Windows Protected Print Mode for Increased Security - Microsoft has revealed the introduction of Windows Protected Print Mode, a new feature that brings significant security enhancements to the Windows print system. According to Johnathan Norman, the principal engineer manager at Microsoft Offensive ...
1 year ago Cysecurity.news
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Microsoft is working on a more secure print system for Windows - After announcing a gradual elimination of third-party printer drivers on Windows earlier this year, Microsoft has now unveiled its plan for enhancing security by introducting Windows Protected Print Mode. For years, the Windows print system has been ...
1 year ago Helpnetsecurity.com
Microsoft unveils new, more secure Windows Protected Print Mode - Microsoft announced a new Windows Protected Print Mode, introducing significant security enhancements to the Windows print system. Notably, once WPP rolls out and gets enabled by default on all Windows systems, Redmond will shift away from running ...
1 year ago Bleepingcomputer.com
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
11 months ago Techtarget.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
11 months ago Microsoft.com
Secure Workload and Secure Firewall: The recipe for a robust zero trust cybersecurity strategy - You hear a lot about zero trust microsegmentation these days and rightly so. While a host-based enforcement approach is immensely powerful because it provides access to rich telemetry in terms of processes, packages, and CVEs running on the ...
1 year ago Feedpress.me
Cyber Insights 2023: Cyberinsurance - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more ...
1 year ago Securityweek.com
​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 - With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft Defender for ...
9 months ago Techcommunity.microsoft.com
Microsoft Will Charge for Windows 10 Security Updates in 2025 - All good things must come to an end, and a decade after its first release, Windows 10 will finally be sent to a farm upstate. It had a good run, though Microsoft plans to keep dropping security updates after the OS' demise on Oct. 14, 2025. Just be ...
1 year ago Packetstormsecurity.com
Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
1 year ago Bleepingcomputer.com
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
1 year ago Securityweek.com
Microsoft deprecates Defender Application Guard for Office - Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an ...
1 year ago Bleepingcomputer.com
Microsoft extends Windows Server 2012 ESUs to October 2026 - Microsoft provides three more years of Windows Server 2012 Extended Security Updates until October 2026, giving administrators more time to upgrade or migrate to Azure. The company also prolonged the end date for Windows Server 2012 and extended ...
1 year ago Bleepingcomputer.com
​​Microsoft is a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms - It's no secret that ransomware is top of mind for many chief information security officers as the number of attacks has increased exponentially. Scaling device protection and security operations center efficiency by simplifying, automating, and ...
11 months ago Microsoft.com
How to Download the Windows 11 KB5022360 Preview Update with 15 Improvements? - Are you looking to download the Windows 11 KB5022360 Preview update with 15 improvements? Microsoft has recently released the preview of the Windows 11 KB5022360 update that contains several improvements and fixes, including nine security updates, to ...
1 year ago Bleepingcomputer.com
New Microsoft Purview features use AI to help secure and govern all your data - More than 90% of organizations use multiple cloud infrastructures, platforms, and services to run their business, adding complexity to securing all data.1Microsoft Purview can help you secure and govern your entire data estate in this complex and ...
1 year ago Microsoft.com
Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
10 months ago Bleepingcomputer.com
Microsoft Introduces PC Cleaner App to Boost PC Performance - In a move to enhance user experience, Microsoft has predicated its PC Cleaner app, now conveniently available on the Microsoft Store for both Windows 10 and Windows 11 users. Developed and tested since 2022 under the name PC Manager, originally ...
10 months ago Cysecurity.news
Microsoft is a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​ - We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management. 1 We believe our position in the Leaders quadrant validates our vision and continued ...
7 months ago Microsoft.com
Microsoft fixes Copilot issue blocking Windows 11 upgrades - Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. On Windows systems with more than one ...
10 months ago Bleepingcomputer.com
Windows 11 24H2 now rolling out, here are the new features - Version 24H2 is now also accessible via Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Microsoft 365 admin center. Microsoft suggests that businesses start targeted rollouts to ensure ...
2 months ago Bleepingcomputer.com
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto - Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. Published with the name Ledger Live Web3, the fake application ...
1 year ago Bleepingcomputer.com
Microsoft SFI progress report elicits cautious optimism | TechTarget - "After a year, it looks like Microsoft has made some smart and substantive initial progress in elevating security across the whole organization: investment in security-focused head count, inclusion of security into performance reports across the ...
2 months ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)