PrintNightmare: Microsoft Issues Critical Security Updates for Multiple Versions of Windows

Raevenlord · Jul 7, 2021

Remember that hideous, remotely exploitable vulnerability on Windows' Print Spooler service, which would enable remote attackers to run code with administrator privileges on your machine? Well, Microsoft seems to be waking up from this particular instance of PrintNightmare, as the company has already issued critical, out-of-band security updates (meaning that they're outside Microsoft's cadenced patch rollout) for several versions of windows. Since the Print Spooler service runs by default and is an integral part of Windows releases (likely since the NT platform development), Microsoft has even pushed out patches to OSs that aren't currently supported.

Microsoft has issued correctives for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, a variety of supported versions of Windows 10, and even Windows 7. As per Microsoft, Windows Server 2012, Windows Server 2016, and Windows 10 Version 1607 products are still missing the security patches, but they're being actively worked on and should be released sooner rather than later. The security patches include mitigations for both the PrintNightmare issue (CVE-2021-34527), as well as another Print Spooler vulnerability that's been previously reported (CVE-2021-1675). The mitigations are being distributed via Windows Update, as always, and the relevant packages are KB5004945 through KB5004959 (depending on your version of Windows).

View at TechPowerUp Main Site

P4-630 · Jul 7, 2021

Just installed it... KB5004945

Raevenlord · Jul 7, 2021

P4-630 said:
Just installed it... KB5004945

Thanks, will update the news piece so people know which KB to download =)

TechLurker · Jul 7, 2021

Aww, was hoping they'd push it all the way back to Win95. :roll:

I have a functional, ancient one I still use on occasion to play some Chip's Challenge, nostalgia in Packard Bell Home, and a few real-old CD games that don't like Win7+ (those obscure, silly and sometimes junk games sold at office supply shops that were DOS/95 compatible).

delshay · Jul 7, 2021

Thank you Microsoft for windows 7 support.

As of posting, windows 10 is auto downloading KB5004945.

Makaveli · Jul 7, 2021

When I woke up today it was already installed

gotta love patch tuesdays

RJARRRPCGP · Jul 7, 2021

Yep, update-Tuesday on the first Tuesday! This means an out-of-band-emergency!

But fortunately, the update routine didn't fail because of me having the Print Spooler service disabled.

ncrs · Jul 7, 2021

delshay said:
Thank you Microsoft for windows 7 support.

Aren't those just for the ESU subscribers? I don't have a Win7 to test with, so I'm not sure.

TheoneandonlyMrK · Jul 7, 2021

So there's reports the patch didn't work, anyone hear similar?!.

lexluthermiester · Jul 7, 2021

ncrs said:
Aren't those just for the ESU subscribers? I don't have a Win7 to test with, so I'm not sure.

Seems everyone will get it.

July 6, 2021—KB5004951 (Security-only update) Out-of-band - Microsoft Support

support.microsoft.com

newtekie1 · Jul 7, 2021

TheoneandonlyMrK said:
So there's reports the patch didn't work, anyone hear similar?!.

I've hear that is completely breaks printing on certain printer brands.

ncrs · Jul 7, 2021

lexluthermiester said:
Seems everyone will get it.

July 6, 2021—KB5004951 (Security-only update) Out-of-band - Microsoft Support

support.microsoft.com

The site you quoted states that it's not available from Windows/Microsoft Update, but from the Catalog instead. It also has the usual ESU eligibility comments. I guess the only way to know is to try installing it on a normal Win7

newtekie1 said:
I've hear that is completely breaks printing on certain printer brands.

~~It requires the drivers to be signed by default now. Some aren't, but it can be changed according to KB5005010.~~
Actually strike that, it's not what that KB is about, my bad. It might be related, however, and a simple re-installation of the driver by an administrative user might fix the issue.

lexluthermiester · Jul 7, 2021

ncrs said:
The site you quoted states that it's not available from Windows/Microsoft Update, but from the Catalog instead. It also has the usual ESU eligibility comments. I guess the only way to know is to try installing it on a normal Win7

It does have a lot of cross talk, but we will see. microsft often changes their minds and their site pages.

newtekie1 · Jul 8, 2021

ncrs said:
Actually strike that, it's not what that KB is about, my bad. It might be related, however, and a simple re-installation of the driver by an administrative user might fix the issue.

Nothing I could do with the driver would fix the issue, and the driver is definitely signed. The only option was to remove the update. The interesting thing is right after the reboot after uninstalling the update, right when I hit enter after typing the password, the printer started working and spitting out the jobs in the queue.

But I guess I should consider myself lucky, at least this update didn't cause a bluescreen every time a print job was sent to the printer like the update Microsoft released a few months ago.

Space Lynx · Jul 8, 2021

P4-630 said:
Just installed it... KB5004945

Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability

Game-over code-execution attacks are still possible even after fix is installed.

arstechnica.com

@Raevenlord might want to update the title of your thread

don't worry though, M$ will fix it all in Win 11 with that TPM 2.0!!!! :roll:

Caring1 · Jul 8, 2021

lynx29 said:
@Raevenlord might want to update the title of your thread

The title is still correct though, they never claimed to have fixed it. :roll:

Frick · Jul 8, 2021

Caring1 said:
The title is still correct though, they never claimed to have fixed it.

It appears to be another thing going on. The patch does fix it, but there's also a vulnerability in the PointAndPrint thing, which is not enabled by default.

"The demo shows that the update fails to fix vulnerable systems that use certain settings for a feature called point and print, which makes it easier for network users to obtain the printer drivers they need."

From the comments:

"Point and Print is not directly related to this vulnerability, but the technology weakens the local security posture in such a way that exploitation will be possible. To disallow Point and Print for non-administrators make sure that warning and elevation prompts are shown for printer installs and updates. The following registry keys are not present by default. Verify that the keys are not present or change the following registry values to 0 (zero):

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
NoWarningNoElevationOnInstall = 0 (DWORD)
NoWarningNoElevationOnUpdate = 0 (DWORD)"

zlobby · Jul 8, 2021

TechLurker said:
Aww, was hoping they'd push it all the way back to Win95.

I have a functional, ancient one I still use on occasion to play some Chip's Challenge, nostalgia in Packard Bell Home, and a few real-old CD games that don't like Win7+ (those obscure, silly and sometimes junk games sold at office supply shops that were DOS/95 compatible).

Any news on 3.11?

lexluthermiester · Jul 8, 2021

Frick said:
It appears to be another thing going on. The patch does fix it, but there's also a vulnerability in the PointAndPrint thing, which is not enabled by default.

"The demo shows that the update fails to fix vulnerable systems that use certain settings for a feature called point and print, which makes it easier for network users to obtain the printer drivers they need."

From the comments:

That would make sense. In such a case manual mitigation will be required.

neatfeatguy · Jul 8, 2021

Found out that the updates break printing over the network at my place of work. Had a few folks unable to print their reports and other stuff they needed to non-local printers. So, at the moment it's either the IT guy removes the updates or works on running cables directly from some printers to the computers that are supposed to print from.....

And because it's not me that is having to fix all this stupid crap, I find it hilarious.

lexluthermiester · Jul 9, 2021

neatfeatguy said:
Found out that the updates break printing over the network at my place of work. Had a few folks unable to print their reports and other stuff they needed to non-local printers. So, at the moment it's either the IT guy removes the updates or works on running cables directly from some printers to the computers that are supposed to print from.....

And because it's not me that is having to fix all this stupid crap, I find it hilarious.

Been having that same issue with a few test machines. We came up with a different solution after removing the update from the affected test system. We disconnected the network that have the printers from the internet. There are some issues, but at least we can do the jobs needed. It's actually more important for us to have printers than internet. We're gearing up to config two different networks, one with internet & no printers and the other connected to the printers without internet.

neatfeatguy · Jul 9, 2021

lexluthermiester said:
Been having that same issue with a few test machines. We came up with a different solution after removing the update from the affected test system. We disconnected the network that have the printers from the internet. There are some issues, but at least we can do the jobs needed. It's actually more important for us to have printers than internet. We're gearing up to config two different networks, one with internet & no printers and the other connected to the printers without internet.

Sounds like you found a work around that's good. Not sure that's something the IT guy here would want to do or have time to do since one of the owners purchased a new company that ties into our line of business and he's had the IT guy over there doing all sorts of stuff, not to mention that he also has to run between three other sister companies to fix the network printer issues that popped up from these updates.

Chomiq · Jul 9, 2021

So from the sound of it looks like that KB simply disabled the group policy for Print Spooler to accept client connections.

Edit.
Nope, checked my VM and it's still set to "Not configured".

ThrashZone · Jul 9, 2021

Chomiq said:
So from the sound of it looks like that KB simply disabled the group policy for Print Spooler to accept client connections.

Edit.
Nope, checked my VM and it's still set to "Not configured".

Hi,
That was the easy fix if one had gp to use home users were hosed.

lexluthermiester · Jul 9, 2021

neatfeatguy said:
Sounds like you found a work around that's good. Not sure that's something the IT guy here would want to do or have time to do since one of the owners purchased a new company that ties into our line of business and he's had the IT guy over there doing all sorts of stuff, not to mention that he also has to run between three other sister companies to fix the network printer issues that popped up from these updates.

Ouch. Yeah that's a lot of work. I feel bad for the guy.

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

System Name	AlderLake
Processor	Intel i7 12700K P-Cores @ 5Ghz
Motherboard	Gigabyte Z690 Aorus Master
Cooling	Noctua NH-U12A 2 fans + Thermal Grizzly Kryonaut Extreme + 5 case fans
Memory	32GB DDR5 Corsair Dominator Platinum RGB 6000MT/s CL36
Video Card(s)	MSI RTX 2070 Super Gaming X Trio
Storage	Samsung 980 Pro 1TB + 970 Evo 500GB + 850 Pro 512GB + 860 Evo 1TB x2
Display(s)	23.8" Dell S2417DG 165Hz G-Sync 1440p
Case	Be quiet! Silent Base 600 - Window
Audio Device(s)	Panasonic SA-PMX94 / Realtek onboard + B&O speaker system / Harman Kardon Go + Play / Logitech G533
Power Supply	Seasonic Focus Plus Gold 750W
Mouse	Logitech MX Anywhere 2 Laser wireless
Keyboard	RAPOO E9270P Black 5GHz wireless
Software	Windows 11
Benchmark Scores	Cinebench R23 (Single Core) 1936 @ stock Cinebench R23 (Multi Core) 23006 @ stock

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

System Name	The Expanse
Processor	AMD Ryzen 7 9800X3D
Motherboard	Asus Prime X670E-Pro Wifi BIOS 3222 AGESA PI 1.2.0.3a
Cooling	Corsair H150i Elite LCD XT
Memory	64GB G.SKILL Trident Z5 Neo RGB DDR5 6000 CL 30-40-40-96 1T
Video Card(s)	XFX Radeon RX 7900 XTX Magnetic Air (25.5.1)
Storage	WD SN850X 2TB / Corsair MP600 1TB / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 20TB
Display(s)	LG 34GP83A-B 34 Inch 21: 9 UltraGear Curved QHD (3440 x 1440) 1ms Nano IPS 160Hz
Case	Fractal Design Meshify S2
Audio Device(s)	Creative X-Fi + Logitech Z-5500 + HS80 Wireless
Power Supply	Corsair AX850 Titanium
Mouse	Corsair Dark Core RGB SE
Keyboard	Corsair K100
Software	Windows 10 Pro x64 22H2
Benchmark Scores	https://valid.x86.fr/asijsu https://browser.geekbench.com/v6/cpu/11073923

System Name	KHR-1
Processor	Ryzen 9 5900X
Motherboard	ASRock B550 PG Velocita (UEFI-BIOS P3.40)
Memory	64 GB G.Skill RipJaws V F4-3200C16D-64GVK
Video Card(s)	Sparkle Titan Arc A770 16 GB
Storage	Western Digital Black SN850 1 TB NVMe SSD
Display(s)	Alienware AW3423DWF OLED-ASRock PG27Q15R2A (backup)
Case	Corsair 275R
Audio Device(s)	Technics SA-EX140 receiver with Polk VT60 speakers
Power Supply	eVGA Supernova G3 750W
Mouse	Logitech G Pro (Hero)
Software	Windows 11 Pro x64 23H2

PrintNightmare: Microsoft Issues Critical Security Updates for Multiple Versions of Windows

Raevenlord

News Editor

P4-630

Raevenlord

News Editor

TechLurker

delshay

Makaveli

RJARRRPCGP

ncrs

TheoneandonlyMrK

lexluthermiester

July 6, 2021—KB5004951 (Security-only update) Out-of-band - Microsoft Support

newtekie1

Semi-Retired Folder

ncrs

July 6, 2021—KB5004951 (Security-only update) Out-of-band - Microsoft Support

lexluthermiester

newtekie1

Semi-Retired Folder

Space Lynx

Astronaut

Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability

Caring1

Frick

Fishfaced Nincompoop

zlobby

lexluthermiester

neatfeatguy

lexluthermiester

neatfeatguy

Chomiq

ThrashZone

lexluthermiester

System Name	RyzenGtEvo/ Asus strix scar II
Processor	Amd R5 5900X/ Intel 8750H
Motherboard	Crosshair hero8 impact/Asus
Cooling	360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory	Gskill Trident Z 3900cas18 32Gb in four sticks./16Gb/16GB
Video Card(s)	Asus tuf RX7900XT /Rtx 2060
Storage	Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s)	Samsung UAE28"850R 4k freesync.dell shiter
Case	Lianli 011 dynamic/strix scar2
Audio Device(s)	Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply	corsair 1200Hxi/Asus stock
Mouse	Roccat Kova/ Logitech G wireless
Keyboard	Roccat Aimo 120
VR HMD	Oculus rift
Software	Win 10 Pro
Benchmark Scores	laptop Timespy 6506

Processor	Intel Core i7 10850K@5.2GHz
Motherboard	AsRock Z470 Taichi
Cooling	Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory	32GB DDR4-3600
Video Card(s)	RTX 2070 Super
Storage	500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s)	Acer Nitro VG280K 4K 28"
Case	Fractal Design Define S
Audio Device(s)	Onboard is good enough for me
Power Supply	eVGA SuperNOVA 1000w G3
Software	Windows 10 Pro x64

Processor	7800X3D -25 all core ($196)
Motherboard	B650 Steel Legend ($189)
Cooling	RZ620 (White/Silver) ($32)
Memory	32gb ddr5 (2x16) cl 30 6000 ($80)
Video Card(s)	Merc 310 7900 XT @3200 core -.75v ($705)
Display(s)	Agon QHD 27" QD-OLED Glossy 240hz ($399)
Case	NZXT H710 (Black/Red) ($62)
Power Supply	Corsair RM850x ($109)

System Name	H7 Flow 2024
Processor	AMD 5800X3D
Motherboard	Asus X570 Tough Gaming
Cooling	Custom liquid
Memory	32 GB DDR4
Video Card(s)	Intel ARC A750
Storage	Crucial P5 Plus 2TB.
Display(s)	AOC 24" Freesync 1m.s. 75Hz
Mouse	Lenovo
Keyboard	Eweadn Mechanical
Software	W11 Pro 64 bit

System Name	Black MC in Tokyo
Processor	Ryzen 5 7600
Motherboard	MSI X670E Gaming Plus Wifi
Cooling	Be Quiet! Pure Rock 2
Memory	2 x 16GB Corsair Vengeance @ 6000Mhz
Video Card(s)	XFX 6950XT Speedster MERC 319
Storage	Kingston KC3000 1TB \| WD Black SN750 2TB \|WD Blue 1TB x 2 \| Toshiba P300 2TB \| Seagate Expansion 8TB
Display(s)	Samsung U32J590U 4K + BenQ GL2450HT 1080p
Case	Fractal Design Define R4
Audio Device(s)	AuraSound AS42 Soundbar \| Plantronics 5220 \| Sony WH-1000XM3 \| Nektar SE61 \| Behringer XR18
Power Supply	Corsair RM850x v3
Mouse	Logitech G602
Keyboard	Dell SK3205
Software	Windows 10 Pro
Benchmark Scores	Rimworld 4K ready!

System Name	Personal / HTPC
Processor	Ryzen 5900x / Ryzen 5600X3D
Motherboard	Asrock x570 Phantom Gaming 4 /ASRock B550 Phantom Gaming
Cooling	Corsair H100i / bequiet! Pure Rock Slim 2
Memory	32GB DDR4 3200 / 16GB DDR4 3200
Video Card(s)	EVGA XC3 Ultra RTX 3080Ti / EVGA RTX 3060 XC
Storage	500GB Pro 970, 250 GB SSD, 1TB & 500GB Western Digital / lots
Display(s)	Dell - S3220DGF & S3222DGM 32"
Case	Titan Silent 2 / CM HAF XB Evo
Audio Device(s)	Logitech G35 headset
Power Supply	850W SeaSonic X Series / 750W SeaSonic X Series
Mouse	Logitech G502
Keyboard	Black Microsoft Natural Elite Keyboard
Software	Windows 10 Pro 64 / Windows 10 Pro 64

Processor	Ryzen 7 5800X3D
Motherboard	Gigabyte X570 Aorus Elite
Cooling	Thermalright Phantom Spirit 120 SE
Memory	2x16 GB Crucial Ballistix 3600 CL16 Rev E @ 3600 CL14
Video Card(s)	RTX3080 Ti FE
Storage	SX8200 Pro 1 TB, Plextor M6Pro 256 GB, WD Blue 2TB
Display(s)	LG 34GN850P-B
Case	SilverStone Primera PM01 RGB
Audio Device(s)	SoundBlaster G6 \| Fidelio X2 \| Sennheiser 6XX
Power Supply	SeaSonic Focus Plus Gold 750W
Mouse	Endgame Gear XM1R
Keyboard	Wooting Two HE

System Name	Ghetto Rigs z490\|x99\|Acer 17 Nitro 7840hs/ 5600c40-2x16/ 4060/ 1tb acer stock m.2/ 4tb sn850x
Processor	10900k w/Optimus Foundation \| 5930k w/Black Noctua D15
Motherboard	z490 Maximus XII Apex \| x99 Sabertooth
Cooling	oCool D5 res-combo/280 GTX/ Optimus Foundation/ gpu water block \| Blk D15
Memory	Trident-Z Royal 4000c16 2x16gb \| Trident-Z 3200c14 4x8gb
Video Card(s)	Titan Xp-water \| evga 980ti gaming-w/ air
Storage	970evo+500gb & sn850x 4tb \| 860 pro 256gb \| Acer m.2 1tb/ sn850x 4tb\| Many2.5" sata's ssd 3.5hdd's
Display(s)	1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
Case	D450 \| Cherry Entertainment center on Test bench
Audio Device(s)	Built in Realtek x2 with 2-Insignia 2.0 sound bars & 1-LG sound bar
Power Supply	EVGA 1000P2 with APC AX1500 \| 850P2 with CyberPower-GX1325U
Mouse	Redragon 901 Perdition x3
Keyboard	G710+x3
Software	Win-7 pro x3 and win-10 & 11pro x3
Benchmark Scores	Are in the benchmark section