The 2021 Pwnie Winner For Most Epic Fail

PrintNightmare

Researcher Name(s): Microsoft

Link: https://blog.0patch.com/2021/07/free-micropatches-for-printnightmare.html

Description:

Microsoft tried to fix it but failed.  Then tried again to fix it but failed. They’re hopefully still trying. 2 patches, and it’s still kicking! It goes without saying that Microsoft identified CVE-2021-34527 as LPE; a little willpower and Twitter drama made it RCE. Microsoft came up with another patch (out-of-band) that doesn’t fix the RCE vector properly and doesn’t even try to fix the LPE anymore.