
Emergency patch for PrintNightmare bugs released by Microsoft


Two RCE (Remote Code Execution) vulnerabilities in the Windows Print Spooler service have been patched by Microsoft. These vulnerabilities can allow a hacker to take over a system affected by the PrintNightmare bugs. Despite this, further fixes are still needed to protect all affected Windows systems.

On Tuesday, Microsoft released an update for several versions of Windows to address CVE-2021-34527, the second of two bugs that were first believed to be one flaw and have since been dubbed PrintNightmare by security researchers.

However, the emergency patch issued by Microsoft appears to address only the RCE variants of PrintNightmare and not the LPE (Local Privilege Escalation) variant, meaning hackers with local access to a system can still gain system privileges.

Furthermore, the updates do not include Windows 10 version 1607, Windows Server 2012 or Windows Server 2016, which will be patched at a later date.

“Release notes associated with these updates might publish with a delay of up to an hour after the updates are available for download,” Microsoft said.

“Updates for the remaining affected supported versions of Windows will be released in the coming days.”

Microsoft are advising customers to install the update urgently to address the security risks.

Those unable to install these updates immediately should look at the FAQ and Workaround sections in the CVE-2021-34527 security advisory for advice on how to protect their systems from hackers aiming to capitalize on this vulnerability.

The first workaround is to stop and disable the Print Spooler service, which removes the ability to print both locally and remotely and blocks inbound printing operations.

The second is to disable inbound remote printing through Group Policy by disabling the “Allow Print Spooler to accept client connections” policy to block remote attacks, and then restarting the system. In this case, the system will no longer function as a print server, but local printing to a directly attached device will still be possible.
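An added example, not part of the original article or of Microsoft's advisory: a PowerShell script that reports whether either workaround is in place on a host and applies one only when asked. The registry path and value that back the Group Policy setting are not given in the article, and the function name and `-Apply` parameter are this example's own.

```powershell
# Added example: audit, and optionally apply, the two Print Spooler workarounds.
# Run from an elevated prompt. Nothing is changed unless -Apply is supplied.
param(
    [ValidateSet('None', 'DisableSpooler', 'BlockRemotePrinting')]
    [string]$Apply = 'None'   # parameter name and values are this example's own
)

# Registry value written by the "Allow Print Spooler to accept client
# connections" policy: 1 = enabled, 2 = disabled, absent = not configured.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

# Hypothetical helper: returns one object describing the host's current state.
function Get-SpoolerExposure {
    $svc    = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $item   = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    $policy = if ($item) { $item.$PolicyName } else { $null }
    $policyText = if ($policy -eq 1) { 'Enabled' } elseif ($policy -eq 2) { 'Disabled' } else { 'NotConfigured' }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SpoolerPresent     = [bool]$svc
        SpoolerState       = if ($svc) { $svc.State } else { 'NotInstalled' }      # Running / Stopped
        SpoolerStartMode   = if ($svc) { $svc.StartMode } else { 'NotInstalled' }  # Auto / Manual / Disabled
        ClientConnPolicy   = $policyText
        # Workaround 1: service stopped AND prevented from starting again.
        Workaround1InPlace = (-not $svc) -or ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
        # Workaround 2: policy explicitly Disabled; "not configured" does not count.
        Workaround2InPlace = ($policy -eq 2)
    }
}

switch ($Apply) {
    'DisableSpooler' {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
    'BlockRemotePrinting' {
        # Local equivalent of the policy; a domain GPO will overwrite this value.
        # Create the key only if missing so existing printer policies are kept.
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 -Type DWord
        Write-Warning 'Restart the system for the setting to take effect.'
    }
}

Get-SpoolerExposure
```

Run without arguments, the script only reports; hosts where both `Workaround1InPlace` and `Workaround2InPlace` are false and the patch is not yet installed are the ones to prioritise.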
