Sunday, June 26, 2022

Microsoft issues partial fix for ‘PrintNightmare’ vulnerability

Microsoft has issued an out-of-band update for the “PrintNightmare” vulnerability discovered in the Windows Print Spooler service last week.

Patch KB5004945 guards against the potential for remote code execution exploits through the Windows Print Spooler service.

As background, the Print Spooler service handles how print jobs are managed and scheduled in the Windows operating system. It’s enabled by default in most Windows versions. The recent vulnerability allowed remote code execution through this service.

Officially designated as CVE-2021-34527, “PrintNightmare” was accidentally published last week by the security research company Sangfor because it thought Microsoft had already fixed the issue. Sangfor’s report included a proof-of-concept attack that showed how hackers could exploit the vulnerability. With it, attackers could potentially execute code remotely with system-level privileges and freely manipulate the victim’s machine.

Microsoft also released patch KB5005010 on July 6 to prevent non-admins from installing unsigned printer drivers. After its installation, non-administrators will only be allowed to install digitally signed print drivers to a print server. Although these unsigned drivers sometimes work better with specific hardware, they may also contain malicious code as they aren’t properly vetted.

The patches are now being distributed as Windows Updates to most versions of Windows. Some older versions, such as Windows 10 1607 and Windows Server 2016, do not have patches yet. Microsoft recommends installing the patch immediately if it’s available. Find the full list of patched versions here.

But the issue hasn’t been totally addressed just yet. As Bleeping Computer pointed out, the patches only protect against remote exploitation. Attackers could still attack a printer locally. Remote execution is arguably the riskier component of the vulnerability, but IT managers should adapt their response depending on their work environment.

To complement the patches, Microsoft also described two workarounds in its threat guidance. Option one is disabling the Print Spooler service completely, while option two involves disabling inbound remote printing using a group policy.

However, option one also completely disables all ability to print. Option two is a little more forgiving; while the system will no longer function as a print server, users can still print locally by attaching the device directly to the printer.
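A read-only check of the mitigations discussed above, added here as an example (it is not from the article or from Microsoft). The registry paths and value names do not appear in the article; they are the policy-backed values Microsoft documents for these settings, and the helper name `Get-PolicyValue` is hypothetical.

```powershell
# Added example: read-only audit of the PrintNightmare mitigations on one host.
# Nothing is changed; the script only reports current state.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

# Policy locations (not in the article; documented by Microsoft).
$printers = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$pnp      = Join-Path $printers 'PointAndPrint'

# Option one: Print Spooler stopped and disabled (no printing at all).
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
$spoolerOff = ($null -eq $spooler) -or
              ($spooler.Status -eq 'Stopped' -and $spooler.StartType -eq 'Disabled')

# Option two: policy "Allow Print Spooler to accept client connections".
# 2 = disabled (no inbound remote printing); 1 or absent = still accepting.
# The policy takes effect only after the Spooler service has been restarted.
$remoteRpc = Get-PolicyValue -Path $printers -Name 'RegisterSpoolerRemoteRpcEndPoint'
$inboundOff = ($remoteRpc -eq 2)

# KB5005010 behaviour: 1 = only administrators may install print drivers.
$restrict = Get-PolicyValue -Path $pnp -Name 'RestrictDriverInstallationToAdministrators'

# The KB number named in the article. Other Windows builds may carry the fix
# under a different KB number, so a miss here is not proof the host is unpatched.
$kb = Get-HotFix -Id 'KB5004945' -ErrorAction SilentlyContinue

[pscustomobject]@{
    ComputerName             = $env:COMPUTERNAME
    SpoolerStatus            = if ($spooler) { "$($spooler.Status)/$($spooler.StartType)" } else { 'NotPresent' }
    SpoolerDisabled          = $spoolerOff
    InboundRemotePrintingOff = $inboundOff
    DriverInstallAdminOnly   = ($restrict -eq 1)
    KB5004945Installed       = [bool]$kb
    # Remote attack surface is closed if either workaround is in place.
    RemoteSurfaceClosed      = ($spoolerOff -or $inboundOff)
}
```

Hosts reporting `RemoteSurfaceClosed = False` and `KB5004945Installed = False` are the ones to check against the update history for their specific build first.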
