Friday, July 2nd 2021

Microsoft Acknowledges Severe, Unpatched, Actively Exploited Print Spooler Service Vulnerability "PrintNightmare"

Microsoft has acknowledged a severe and currently unpatched vulnerability in Windows' Print Spooler service (CVE-2021-34527). According to Microsoft, the vulnerability affects all versions of Windows and is being actively exploited. Poetically named "PrintNightmare", it was published earlier this week as a PoC (Proof of Concept) exploit by security researchers who believed Microsoft had already addressed the flaw at the time of release (the company patched another Print Spooler vulnerability with the June 2021 security patch). The code was made public and quickly pulled when its developers realized it gave would-be bad actors an unpatched way into users' systems, but since it's the Internet, the code had already been forked on GitHub.

The vulnerability hasn't been rated by Microsoft yet, but it's one of the bad ones: it allows attackers to remotely execute code with system-level privileges. This is the ultimate level of security vulnerability that could exist. Microsoft is currently investigating the issue and developing a patch; however, given the urgency of closing down this exploit, the company recommends disabling the Windows Print Spooler service wherever possible, or at least disabling inbound remote printing through Group Policy. If you don't have a printer, just disable the service; if you do, please disable the Group Policy as per the steps outlined in the image below.
Sources: Microsoft Vulnerability guide, via The Verge, Image courtesy of The Hacker News
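
The two workarounds described above, as an added PowerShell example that is not code from the article: it reports the Spooler service state and the registry value behind the "Allow Print Spooler to accept client connections" policy, and can apply either workaround. The function names and `-Mode` values are this sketch's own; on domain-joined machines the setting would normally come from a GPO, which overrides a local registry write.

```powershell
# Added example (not from the article): audit and apply the two workarounds.
# Run from an elevated prompt. Function names and -Mode values are this sketch's own.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'  # 1 = accept, 2 = refuse client connections

function Get-SpoolerExposure {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $val = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue).$PolicyName
    $remote = if ($val -eq 2) { 'Refused' } elseif ($val -eq 1) { 'Accepted' } else { 'NotConfigured' }
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        ServiceState    = $svc.State       # Running / Stopped
        StartMode       = $svc.StartMode   # Auto / Manual / Disabled
        InboundPrinting = $remote
        # Either workaround counts: service off for good, or inbound printing refused.
        Mitigated       = ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped') -or ($val -eq 2)
    }
}

function Set-SpoolerMitigation {
    param([Parameter(Mandatory)][ValidateSet('DisableService', 'BlockInbound')][string]$Mode)
    if ($Mode -eq 'DisableService') {
        # No printer: stop the service and keep it from starting again.
        # This also disables local printing.
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    } else {
        # Printer in use: set the value behind the Group Policy to "refuse",
        # then restart the service so the change takes effect.
        # Local printing keeps working; the machine stops acting as a print server.
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 -Type DWord
        Restart-Service -Name Spooler -Force
    }
    Get-SpoolerExposure   # report the state after the change
}

Get-SpoolerExposure                           # audit only, changes nothing
# Set-SpoolerMitigation -Mode DisableService  # machine without a printer
# Set-SpoolerMitigation -Mode BlockInbound    # machine that must keep printing locally
```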

57 Comments on Microsoft Acknowledges Severe, Unpatched, Actively Exploited Print Spooler Service Vulnerability "PrintNightmare"

#26
lexluthermiester
This problem is one of the many reasons why most services that are set for "Automatic" and left running should be set to Manual(Demand) and only run when needed.
#27
AusWolf
HD64G said: So, what anyone who switched from win7 to win10 just because of security reasons has to say now?
The fact that ONE vulnerability that Windows 7 has is also present in Windows 10 doesn't mean that Windows 10 isn't generally safer.
Makaveli said: It's not related this is just another I hate windows 11 post.
Once we had the "intel sux becos RAIZEN!", then the "nvidia sux becos PAPERLAUNCH!" and now the "windows sux becos TEE-PEE-EM" posts under every single article. How hard can it be for some people to stay on topic, and not bash something that has nothing to do with the article, seriously?
#28
Frick
Fishfaced Nincompoop
HD64G said: So, what anyone who switched from win7 to win10 just because of security reasons has to say now?
So will there be a patch pushed to Windows 7 users?

Also, how does the vulnerability actually work?
#29
Gmr_Chick
Frick said: So will there be a patch pushed to Windows 7 users?

Also, how does the vulnerability actually work?
I'm wanting to know the answer to this myself. Reason I say that is because our printer, an Epson XP-340, started acting up a few days ago when my mom tried to print some important documents and couldn't, due to an imaginary paper jam. I opened the printer and checked. No paper jam. Turning it off and then back on again didn't help, either. Of course, the printer is a bit old though, so it could just be crapping out....
#30
ThrashZone
Frick said: So will there be a patch pushed to Windows 7 users?

Also, how does the vulnerability actually work?
Hi,
If you have group policy it's pretty easy to change that and in the op.
#31
HD64G
Frick said: So will there be a patch pushed to Windows 7 users?

Also, how does the vulnerability actually work?
Question is, is Win10 much more secure and stable than Win7? As for the questions you asked, only MS can answer. Let's hope soon enough...
#32
Darmok N Jalad
As others have said, printing has always been a nightmare on Windows. I always wonder how the service never gets reworked, as some of the issues it has printing documents are just dumbfounding. We have one wireless printer (HP OfficeJet Pro) in the home, and devices running Windows 10, MacOS, iOS, and Linux. Windows 10 is by far the worst experience printing anything. In fact, Windows is the only OS that refuses to print wirelessly, you have to plug in via USB. The kicker is, I bought this printer specifically because I could wirelessly print from the Surface 2 RT that I had at the time (yes, this printer is a tank). All the other devices typically print, no questions asked. My wife resorts to printing to PDF from Windows, saving it to a cloud drive, and printing it from her iPad, or sending it to me to print from Linux.

The worst part with Windows is that sometimes a print job will screw up so royally that you have to dive into hidden file folders and manually delete the bad print job. How is it that even Linux can do better than that?
#33
lexluthermiester
Darmok N Jalad said: As others have said, printing has always been a nightmare on Windows
I disagree. I've never had many problems. But then again, I never bought cheap bargain-basement printers either. I swear by color laser and buy only quality models. So that could be why. You get what you pay for and most people buy garbage printers expecting the world from them.
#34
Frick
Fishfaced Nincompoop
HD64G said: Question is, is Win10 much more secure and stable than Win7? As for the questions you asked, only MS can answer. Let's hope soon enough...
Seeing how Windows 7 doesn't get any updates it's not even a question.
#35
Darmok N Jalad
lexluthermiester said: I disagree. I've never had many problems. But then again, I never bought cheap bargain-basement printers either. I swear by color laser and buy only quality models. So that could be why. You get what you pay for and most people buy garbage printers expecting the world from them.
Except this was not a cheap printer. In fact, it has been running reliably for almost 10 years now. And I bought it specifically for its wireless printing support with Windows. It does only printing, not the cheap combo print/scan/copy getups that break in a year's time. The same question remains, why can I print a document perfectly fine from MacOS, iOS, or Linux and Windows 10 can't handle it?
#36
newtekie1
Semi-Retired Folder
Frick said: Also, how does the vulnerability actually work?
From what I can tell, the vulnerability uses the printer sharing built into Windows. It allows an attacker to send a false print job to a computer that will execute code instead of printing.

If you are behind a NAT firewall that doesn't have the printer sharing ports opened/forwarded, then you are pretty safe from an internet based attack. But anyone that has access to your internal network could exploit this. And obviously if you say go connect your computer to a public WiFi, anyone else on that WiFi could possibly exploit this as well.
#37
lexluthermiester
Frick said: Seeing how Windows 7 doesn't get any updates it's not even a question.
Like XP, 7 when properly configured and secured is perfectly safe. Only those lacking understanding fail to be safe.
newtekie1 said: From what I can tell, the vulnerability uses the printer sharing built into Windows. It allows an attacker to send a false print job to a computer that will execute code instead of printing.
Agreed, this seems to be how it works. The key is to either be sure the systems sharing a printer have no access to the internet, or if it's a stand-alone PC, to disable printer sharing.
newtekie1 said: If you are behind a NAT firewall that doesn't have the printer sharing ports opened/forwarded, then you are pretty safe from an internet based attack.
This also.
#39
Makaveli
TheoneandonlyMrK said: Soooo, disable print spooler for now?!
More for enterprise users not home.
#40
lexluthermiester
TheoneandonlyMrK said: Soooo, disable print spooler for now?!
Unless you need it. If you have a printer then set it to "Manual" and disable print sharing.
Makaveli said: More for enterprise users not home.
Incorrect. This affects everyone equally. The print spooler service is more or less the same across all versions of Windows from Vista on up regardless of which edition is in use. Even XP might be affected.
#41
TheoneandonlyMrK
Makaveli said: More for enterprise users not home.
I have no printer anyway so no loss.

But it's still disabled now for me.
#42
ShiBDiB
newtekie1 said: This is one of those exploits where most home users aren't going to be affected. So most people have nothing to worry about.
That's 99% of exploits, there's no money to be made by bad actors going after home users anymore (comparatively).
#43
DeathtoGnomes
By default, the print spooler service is active (Auto). The first thing I do on a fresh install is disable it. You don't need it if you don't have a printer. I don't think this is the first time the print spooler is used in an exploit either.
#44
Frick
Fishfaced Nincompoop
lexluthermiester said: Like XP, 7 when properly configured and secured is perfectly safe. Only those lacking understanding fail to be safe.
... I assume you've heard of 0-days. "Properly configured" partly means "properly updated".
#46
lexluthermiester
Frick said: ... I assume you've heard of 0-days.
No, never... What's that?
/s
Frick said: "Properly configured" partly means "properly updated".
No it doesn't. Updates can be helpful but they are NOT the end-all-be-all solution to problems. Knowing how to isolate problems as they arise is more important. This is the main reason why firewalls were created. When you combine a competent firewall with competent app/program micromanagement software, you can effectively eliminate 99.9% of most of the problems that exist WITHOUT patching. This is why I stated very confidently earlier that XP and 7 can be secured and used safely on the internet. For those of us who know what we're doing, it is a relatively trivial effort.
#47
AusWolf
lexluthermiester said: No, never... What's that?
/s

No it doesn't. Updates can be helpful but they are NOT the end-all-be-all solution to problems. Knowing how to isolate problems as they arise is more important. This is the main reason why firewalls were created. When you combine a competent firewall with competent app/program micromanagement software, you can effectively eliminate 99.9% of most of the problems that exist WITHOUT patching. This is why I stated very confidently earlier that XP and 7 can be secured and used safely on the internet. For those of us who know what we're doing, it is a relatively trivial effort.
Let's also not forget about the fact that the most important steps in internet security are having a strong wifi password (or not using wifi at all), not clicking on adverts and not responding to emails and text messages from unreliable sources. Your operating system might be full of security holes, but most of these aren't a real threat if you know how to browse the net properly.
#48
InhaleOblivion
System A *Laughs in Linux* :laugh:
System B *Cries in Windows* :banghead:
#49
R-T-B
HD64G said: So, what anyone who switched from win7 to win10 just because of security reasons has to say now?
Windows 7 is affected and likely won't be patched.
#50
TheoneandonlyMrK
This is way beyond a zero day it's 2000bc comparatively.
It's been about since pong but only now some researchers discovered it.