Microsoft fixes Windows Print Spooler Print Nightmare vulnerability
Microsoft has actually corrected the Print Nightmare vulnerability in the Windows Print Spooler through demanding individuals to possess management benefits when making use of the Point as well as Print function to put in laser printer vehicle drivers.
In June, a safety and security scientist by accident made known a zero-day Windows print spooler vulnerability referred to as Print Nightmare ( CVE-2021-34527). When capitalized on, this vulnerability made it possible for remote control regulation completion as well as the capability to obtain neighborhood SYSTEM benefits.
Microsoft quickly launched a safety and security upgrade that corrected the small regulation completion part.
However, analysts promptly located that it was actually feasible to capitalize on the Point as well as Print function to put in destructive print vehicle drivers that made it possible for low-privileged individuals to obtain SYSTEM benefits in Windows.
Point and Print is actually a Windows function that makes it possible for individuals to link to a print web server, also a small Internet- linked one, as well as immediately download and install as well as put in the web server’s laser printer vehicle drivers.
Using this function, safety scientist Benjamin Delpy generated a remote control print web server that put in an ink-jet printer vehicle driver permitting any type of low-privileged customer to open up a control trigger along with SYSTEM benefits, as displayed in the video clip listed below.
With this SYSTEM-level control punctual, the customer right now possesses complete command over the unit.
Point as well as Print right now demands management benefits
As component of today’s August 2021 Patch Tuesday safety updates, Windows right now demands a consumer to possess management benefits to put in an ink-jet printer vehicle driver through the Point as well as Print function.
“Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks,” introduced Microsoft in a brand new advisory.
“Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service.”
“This change will take effect with the installation of the security updates released on August 10, 2021 for all versions of Windows, and is documented as CVE-2021-34481.”
Microsoft alerts that this modification might affect institutions that formerly made it possible for non-elevated individuals to incorporate or even upgrade laser printer vehicle drivers, as they will certainly no more have the ability to do this.
For institutions that call for non-elevated individuals to put in laser printer vehicle drivers, Microsoft possesses released an advisory along with guidelines on disabling this repair.
However, Microsoft highly highly recommends that individuals perform certainly not disable this modification as it “will expose your environment to the publicly known vulnerabilities in the Windows Print Spooler service”.