Friday, July 2nd 2021

Microsoft Acknowledges Severe, Unpatched, Actively Exploited Print Spooler Service Vulnerability "PrintNightmare"

Microsoft has acknowledged the existence of a severe and currently unpatched vulnerability in Windows' Print Spooler service (CVE-2021-34527). The vulnerability affects all versions of Windows and, according to Microsoft, is being actively exploited. Poetically named "PrintNightmare", the vulnerability was published earlier this week as a PoC (Proof of Concept) exploit by security researchers who believed the flaw had already been addressed by Microsoft at the time of release (the company had patched another Print Spooler vulnerability with the June 2021 security patch). The code was made public and quickly pulled when its developers realized it gave would-be bad actors an unpatched way into users' systems, but since this is the Internet, the code had already been forked on GitHub.

Microsoft has not yet rated the vulnerability, but it's one of the bad ones: it allows attackers to remotely execute code with system-level privileges. This is the ultimate level of security vulnerability that could exist. Microsoft is currently investigating the issue and developing a patch; however, given the urgency of closing down this exploit, the company recommends disabling the Windows Print Spooler service wherever possible, or at least disabling inbound remote printing through Group Policy. If you don't have a printer, just disable the service; if you do, disable inbound remote printing through Group Policy as per the steps outlined in the image below.
Sources: Microsoft Vulnerability guide, via The Verge, Image courtesy of The Hacker News
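
The two workarounds described above, as an added PowerShell example that is not part of the original article and not Microsoft's own script: it reports whether the Print Spooler is running and whether inbound remote printing is refused, and applies one of the two workarounds when run with `-Apply`. The parameter names are invented here, and the registry value is the one behind the Group Policy setting "Allow Print Spooler to accept client connections", which the article itself does not name.

```powershell
# Added example (not from the article): report and optionally apply the two workarounds.
# Run elevated. -NeedsPrinting and -Apply are parameter names invented for this sketch.
param(
    [switch]$NeedsPrinting,  # keep local printing, only refuse inbound remote printing
    [switch]$Apply           # without -Apply the script only reports
)

# Registry value written by the Group Policy setting
# "Allow Print Spooler to accept client connections": 1 = allow, 2 = refuse.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerState {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $val = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue).$PolicyName
    $running = [bool]($svc -and $svc.Status -eq 'Running')
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        SpoolerRunning = $running
        StartType      = if ($svc) { $svc.StartType } else { 'NotInstalled' }
        InboundPolicy  = if ($val -eq 2) { 'Refuse' } elseif ($val -eq 1) { 'Allow' } else { 'NotConfigured' }
        # Workaround in place: no spooler, spooler stopped and disabled, or inbound refused.
        Mitigated      = (-not $svc) -or (-not $running -and $svc.StartType -eq 'Disabled') -or ($val -eq 2)
    }
}

if ($Apply) {
    if ($NeedsPrinting) {
        # Local equivalent of setting the policy to Disabled; a domain GPO will override it.
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 -Type DWord
        Restart-Service -Name Spooler -Force   # the policy is read when the service starts
    } else {
        # No printer in use: stop the service and keep it from starting again.
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }
}

Get-SpoolerState
```

Stopping the service disables printing both locally and remotely; with the policy alone the machine can still print to a directly attached device but no longer acts as a print server.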

57 Comments on Microsoft Acknowledges Severe, Unpatched, Actively Exploited Print Spooler Service Vulnerability "PrintNightmare"

#1
lynx29
"PrintNightmare" lmao

I mean to be fair, printers were and always have been a nightmare. lol
#2
neatfeatguy
I hope they don't break the print spooler like they did a year or two ago with a "security update" they pushed out.
#3
ThrashZone
Hi,
Yeah no need to be a server thanks for the heads up
#4
Lycanwolfen
I read about this like 8 days ago. But of course this is MS Pretty first before security. Pretty first before usability. If MS was smart they would build a Linux build and make it look like Windows. Same thing they do with Edge lol chromium browser made to look like they made it.
#5
Nanochip
All versions of windows eh? How’s that TPM2.0 working out for ya?
#6
Mysteoa
Nanochip: All versions of windows eh? How’s that TPM2.0 working out for ya?
And how has this anything to do with it, as it isn't used yet?
#7
Nanochip
Mysteoa: And how has this anything to do with it, as it isn't used yet?
The rather onerous requirements of windows 11 have been framed as being necessary for security reasons. Making it seem like windows 11 will be the most secure windows ever. Like Fort Knox. Yet, it’s already vulnerable to zero day flaws.

And the fact that windows 11 is still vulnerable to attack (which it will be given that it’s written in c and c++) suggests the onerous requirements (that will render many very capable systems as obsolete) is an anti-consumer move by Microsoft.

Because if your system doesn’t pass the windows 11 requirement, and you spend thousands of dollars to upgrade (thinking you need to do so in the name of ‘security’), your new shiny system would still be vulnerable to this zero day, and likely many other attacks.

So then, what is the point of rendering so many systems like intel 7th and 6th gen (which apparently have tpm2.0 firmware embedded into the processor) and some Ryzen first gen systems obsolete? The cost to upgrade far outweighs the security benefits (if any exist at all) gained by moving to windows 11. Especially in this upside down market with high prices and shortages of key pieces of equipment. Hopefully you can see that.
#8
Makaveli
Hmm this is bad.

We just disabled this on all AD controllers at work.
Mysteoa: And how has this anything to do with it, as it isn't used yet?
It's not related, this is just another "I hate Windows 11" post.
#9
ThrashZone
Mysteoa: And how has this anything to do with it, as it isn't used yet?
Hi,
Lots of insiders are using 11 some on main rigs so I believe that counts as relevant to the thread and a lot also have installed without all newer security features.
#10
defaultluser
Nanochip: The rather onerous requirements of windows 11 have been framed as being necessary for security reasons. Making it seem like windows 11 will be the most secure windows ever. Like Fort Knox. Yet, it’s already vulnerable to zero day flaws.

And the fact that windows 11 is still vulnerable to attack (which it will be given that it’s written in c and c++) suggests the onerous requirements (that will render many very capable systems as obsolete) is an anti-consumer move by Microsoft.

Because if your system doesn’t pass the windows 11 requirement, and you spend thousands of dollars to upgrade (thinking you need to do so in the name of ‘security’), your new shiny system would still be vulnerable to this zero day, and likely many other attacks.

So then, what is the point of rendering so many systems like intel 7th and 6th gen (which apparently have tpm2.0 firmware embedded into the processor) and some Ryzen first gen systems obsolete? The cost to upgrade far outweighs the security benefits (if any exist at all) gained by moving to windows 11. Especially in this upside down market with high prices and shortages of key pieces of equipment. Hopefully you can see that.
Yeah I just don't see anything amazing happening this time around: just look at the decade MS has taken to replace all those Win95-era menus with Metro Design Language (still not done).

It will be Windows 13 before we actually have a cohesive TPM-based security system that will actually prevent gaping security holes like these from owning your system, and in the meantime my Haswell 4790k and Skylake 6500 systems tick all of the other Windows Eleventy requirements (both have a pcie 3.0 slot for installing an m.2 drive, bring-on the load speed-bump!)
#11
Mysteoa
Nanochip: The rather onerous requirements of windows 11 have been framed as being necessary for security reasons. Making it seem like windows 11 will be the most secure windows ever. Like Fort Knox. Yet, it’s already vulnerable to zero day flaws.

And the fact that windows 11 is still vulnerable to attack (which it will be given that it’s written in c and c++) suggests the onerous requirements (that will render many very capable systems as obsolete) is an anti-consumer move by Microsoft.

Because if your system doesn’t pass the windows 11 requirement, and you spend thousands of dollars to upgrade (thinking you need to do so in the name of ‘security’), your new shiny system would still be vulnerable to this zero day, and likely many other attacks.

So then, what is the point of rendering so many systems like intel 7th and 6th gen (which apparently have tpm2.0 firmware embedded into the processor) and some Ryzen first gen systems obsolete? The cost to upgrade far outweighs the security benefits (if any exist at all) gained by moving to windows 11. Especially in this upside down market with high prices and shortages of key pieces of equipment. Hopefully you can see that.
MS never said that the TPM module will make Win11 the "most secure windows ever". That is something you are presenting as a fact. TPM module requirement is for solving part of the potential vulnerabilities. That doesn't mean you will be free from all of them.

There are still a few months before Win11 is out. The requirements can change, in fact they were changing days after they were announced. You still have until 2025 to run Win10, MS is not making your PC useless junk if you are not on Win11.
Now it's up to you to decide if you want the new feature and the price for the upgrade is worth it. You could do it very cheaply with second hand Ryzen 2000 and a b450 mobo. Currently, the only shortages are for GPUs. I can buy all other parts at about normal price.
#12
Dr_b_
Mysteoa: MS never said that the TPM module will make Win11 the "most secure windows ever". That is something you are presenting as a fact. TPM module requirement is for solving part of the potential vulnerabilities. That doesn't mean you will be free from all of them.

There are still a few months before Win11 is out. The requirements can change, in fact they were changing days after they were announced. You still have until 2025 to run Win10, MS is not making your PC useless junk if you are not on Win11.
Now it's up to you to decide if you want the new feature and the price for the upgrade is worth it. You could do it very cheaply with second hand Ryzen 2000 and a b450 mobo. Currently, the only shortages are for GPUs. I can buy all other parts at about normal price.
They never said it, but the implication to require TPM was that security in Windows is a priority, and here we have a remotely exploitable vulnerability, it's relevant and a joke at the same time.
Mysteoa: And how has this anything to do with it, as it isn't used yet?
Because MS is fronting their security bona fides, and failing at it, repeatedly
#13
Mysteoa
Dr_b_: They never said it, but the implication to require TPM was that security in Windows is a priority, and here we have a remotely exploitable vulnerability, it's relevant and a joke at the same time.
Because MS is fronting their security bona fides, and failing at it, repeatedly
At the current state of things, the majority of software or hardware probably has some kind of vulnerability. So what do you want them to do?
#14
Dr_b_
Mysteoa: At the current state of things, the majority of software or hardware probably has some kind of vulnerability. So what do you want them to do?
TPM has excluded a bunch of hardware and not brought security. Also TPM isn't entirely secure either, alleged government backdoors to outright hacked, yet requiring it makes "old" hardware obsolete that otherwise would run the OS, and in either case, neither would be any more secure, because you have other attack vectors into the system. What would I have them do? Certainly don't stop trying to make it more secure, but it is fun to engage in a bit of Schadenfreude.
#15
newtekie1
Semi-Retired Folder
This is one of those exploits where most home users aren't going to be affected. So most people have nothing to worry about.
#16
5 o'clock Charlie
lynx29: "PrintNightmare" lmao

I mean to be fair, printers were and always have been a nightmare. lol
Printers are a nightmare, which I think they could have used "pcloadletter" instead imho.

Just think, it could give some users the incentive they need to take their printer out to a field with a baseball bat :laugh:
#18
HD64G
So, what anyone who switched from win7 to win10 just because of security reasons has to say now?
#19
RJARRRPCGP
Print Spooler=Probably affects all versions of NT-based Windows, down to NT 5! (That also means Windows 2000 and Windows XP)
#20
Udyr
newtekie1: This is one of those exploits where most home users aren't going to be affected. So most people have nothing to worry about.
Probably, but it is a service many at home don't use either. So better be "safer" than potentially sorry.
#21
R-T-B
Nanochip: The rather onerous requirements of windows 11 have been framed as being necessary for security reasons. Making it seem like windows 11 will be the most secure windows ever. Like Fort Knox. Yet, it’s already vulnerable to zero day flaws.
Hardware security may make some of us complacent, but it does nothing to protect us from signed code that is already bad. Which this, and nearly all security loopholes, are.

Yet another reason I am opposed to it.
#22
Solaris17
Dainty Moderator
printing is already a nightmare, can't distinguish between virus and printer fault as is. :P
#23
AsRock
TPU addict
HD64G: So, what anyone who switched from win7 to win10 just because of security reasons has to say now?
Be more than one reason obviously, however if that was one of the reasons would depend on person to person but my reason was not due to anything to security.
#24
Steevo
Thank cheap printers with shitty drivers with no on board memory of their own for this, the same set of exploits has been documented by myself and the team I was working in during XP beta and through Vista before I quit giving away time to MS in exchange for license keys and 10 year NDAs.
#25
RJARRRPCGP
Really smells like an out-of-band update coming!
Copyright © 2004-2021 www.techpowerup.com. All rights reserved.
All trademarks used are properties of their respective owners.