PrintNightmare is a vulnerability that Microsoft began publicly investigating in July. It makes use of the Windows Print Spooler service's unprotected functions to trigger remote code execution (RCE) through which an attacker can execute code under the guise of SYSTEM privileges. The firm awarded it a "high" vulnerability score and provided some mitigations a few weeks ago. A patch was also released but it turned out that it could still be bypassed. That said, the company downplayed the issue, and claimed that it only happens when people use unsupported registry values.
Today, Microsoft has released a new patch, which it says changes the default behavior of Point and Print on Windows since the current implementation does not meet the security needs of its customers. Moving forward, Point and Print driver installations and updates will require administrative privileges. This essentially means that all vulnerabilities related to the Windows Print Spooler service which have been publicly documented so far will be mitigated.
Microsoft has stated that this change will adversely affect non-admin users who were previously able to install and update these drivers. However, the company believes that the benefits far outweigh this inconvenience. The company has cautioned that if IT admins do not install this update or disable this mitigation, they will be prone to PrintNightmare exploits. It is important to remember that PrintNightmare affects virtually all version of Windows, which is why it is essential that this patch is installed as soon as possible. More information can be found in the company's security advisory under CVE-2021-34481 here.
9 Comments - Add comment