PrintNighmare - Vulnerability & Printer Issues Post Installation

22 July, 2021

Multiple vulnerabilities related to printers have been disclosed over the past couple of months, exposing your systems to remote code execution. Depending on their access level, they could use ransomware or other malware, or elevate their privileges to a more powerful account if they already have access.

In June, Microsoft released a patch for the Windows Print Spooler to fix a local privilege escalation vulnerability. It wasn't long before we found out that the patch did not fix the vulnerability, and that the scope of the vulnerability was greater than we initially believed.

The vulnerability was dubbed "PrintNighmare" (CVE-2021-34527) after researchers discovered a way to turn it into a remote code execution (RCE) vulnerability. Microsoft released another patch early in July, but there is some evidence that even with the patch this vulnerability could still be exploited. In response, Microsoft released some additional information and mitigation steps.

Reference Articles

https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34481

https://www.bleepingcomputer.com/news/microsoft/new-windows-print-spooler-zero-day-exploitable-via-remote-print-servers/

https://www.bleepingcomputer.com/news/microsoft/new-windows-10-vulnerability-allows-anyone-to-get-admin-privileges/

Known Issues

Since installing the update, users are reporting that they cannot print to network print servers, various other issues were reported as well where they are not able to add new printers.

Recommendation - Hold the patch, further issues were fixed in cumulative updates released on September & October 21.

Announcements

22 July 2021

# Topics

Automation

Security

Vulnerability