PrintNightmare explained
PrintNightmare is a critical security vulnerability affecting the Microsoft Windows operating system.[3] [4] The vulnerability occurred within the print spooler service.[5] [6] There were two variants, one permitting remote code execution (CVE-2021-34527), and the other leading to privilege escalation (CVE-2021-1675).[7] A third vulnerability (CVE-2021-34481) was announced July 15, 2021, and upgraded to remote code execution by Microsoft in August.[8] [9]
On July 6, 2021, Microsoft started releasing out-of-band (unscheduled) patches attempting to address the vulnerability.[10] Due to its severity, Microsoft released patches for Windows 7, for which support had ended in January 2020.[11] The patches resulted in some printers ceasing to function.[12] [13] Researchers have noted that the vulnerability has not been fully addressed by the patches.[14] After the patch is applied, only administrator accounts on Windows print server will be able to install printer drivers. Part of the vulnerability related to the ability of non-administrators to install printer drivers on the system, such as shared printers on system without sharing password protection.[15]
The organization which discovered the vulnerability, Sangfor, published a proof of concept in a public GitHub repository.[16] [17] Apparently published in error, or as a result of a miscommunication between the researchers and Microsoft, the proof of concept was deleted shortly after.[18] However, several copies have since appeared online.
See also
Notes and References
- Web site: July 6, 2021—KB5004945 (OS Builds 19041.1083, 19042.1083, and 19043.1083) Out-of-band . Microsoft Support . Microsoft Corporation . July 11, 2021 . July 10, 2021 . https://web.archive.org/web/20210710130245/https://support.microsoft.com/en-us/topic/july-6-2021-kb5004945-os-builds-19041-1083-19042-1083-and-19043-1083-out-of-band-44b34928-0a71-4473-aa22-ecf3b83eed0e . live .
- Web site: Security Update Guide - Microsoft Security Response Center . 2024-06-17 . msrc.microsoft.com.
- Web site: Valinsky . Jordan . Microsoft issues urgent security warning: Update your PC immediately . CNN Business . July 11, 2021 . July 9, 2021 . July 10, 2021 . https://web.archive.org/web/20210710211113/https://edition.cnn.com/2021/07/07/tech/microsoft-security-update/index.html . live .
- Web site: Microsoft fixes critical PrintNightmare bug . BBC News . July 11, 2021 . July 7, 2021 . July 10, 2021 . https://web.archive.org/web/20210710104629/https://www.bbc.com/news/technology-57750138 . live .
- Web site: Winder . Davey . New Critical Security Warning Issued For All Windows Versions As 'PrintNightmare' Confirmed . Forbes . July 2, 2021 . July 11, 2021 . July 11, 2021 . https://web.archive.org/web/20210711072318/https://www.forbes.com/sites/daveywinder/2021/07/02/new-critical-security-warning-issued-for-all-windows-versions-as-printnightmare-confirmed/?sh=7b55712b7d04 . live .
- Web site: Security Update Guide - Microsoft Security Response Center . msrc.microsoft.com . Microsoft Corporation . July 11, 2021 . July 10, 2021 . https://web.archive.org/web/20210710193234/https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 . live .
- Web site: Microsoft Releases Out-of-Band Security Updates for PrintNightmare. US-CERT. Cybersecurity and Infrastructure Security Agency. July 6, 2021 . July 11, 2021 . July 7, 2021 . https://web.archive.org/web/20210707223905/https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare. live.
- Web site: July 16, 2021. More PrintNightmare: 'We TOLD you not to turn the Print Spooler back on!' . September 7, 2021 . Naked Security .
- Web site: Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34481 . September 7, 2021 . msrc.microsoft.com.
- Web site: Out-of-Band (OOB) Security Update available for CVE-2021-34527 – Microsoft Security Response Center . Microsoft Security Response Center . Microsoft Corporation . July 11, 2021 . July 10, 2021 . https://web.archive.org/web/20210710040714/https://msrc-blog.microsoft.com/2021/07/06/out-of-band-oob-security-update-available-for-cve-2021-34527/ . live .
- Web site: Sharwood . Simon . Microsoft patches PrintNightmare – even on Windows 7 – but the terror isn't over . The Register . July 11, 2021 . July 7, 2021 . July 8, 2021 . https://web.archive.org/web/20210708064529/https://www.theregister.com/2021/07/07/printnightmare_patched/ . live .
- Web site: Smith . Adam . Microsoft fixes huge security bug – and breaks people's printers . The Independent . July 11, 2021 . July 9, 2021 . registration . July 9, 2021 . https://web.archive.org/web/20210709125919/https://www.independent.co.uk/life-style/gadgets-and-tech/microsoft-printnightmare-windows-printers-update-b1881109.html . live .
- Web site: Lawler . Richard . The Windows update to fix 'PrintNightmare' made some printers stop working . July 8, 2021 . The Verge . July 11, 2021 . Vox Media . July 10, 2021 . https://web.archive.org/web/20210710113908/https://www.theverge.com/2021/7/8/22569387/zebra-windows-security-update-printer-spooler-microsoft . live .
- Goodin . Dan . Microsoft Keeps Failing to Patch the Critical 'PrintNightmare' Bug . Wired . Condé Nast . July 11, 2021 . July 8, 2021 . July 10, 2021 . https://web.archive.org/web/20210710221442/https://www.wired.com/story/microsoft-keeps-failing-patch-windows-printnightmare-bug/ . live .
- Web site: Mackie . Kurt . Microsoft Clarifies Its 'PrintNightmare' Patch Advice -- Redmondmag.com . Redmondmag . 1105 Media Inc . July 11, 2021 . July 9, 2021 .
- Web site: Corfield . Gareth . Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller . The Register . July 11, 2021 . June 30, 2021 . July 8, 2021 . https://web.archive.org/web/20210708162327/https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/ . live .
- Web site: Constantin . Lucian . PrintNightmare Vulnerability Explained: Exploits, Patches, and Workarounds . ARN . IDG Communications . July 11, 2021 . July 8, 2021 . July 8, 2021 . https://web.archive.org/web/20210708221617/https://www.arnnet.com.au/article/689631/printnightmare-vulnerability-explained-exploits-patches-workarounds/ . live .
- Web site: Warren . Tom . Microsoft warns of Windows "PrintNightmare" vulnerability that's being actively exploited . The Verge . Vox Media . July 11, 2021 . July 2, 2021 . July 9, 2021 . https://web.archive.org/web/20210709183031/https://www.theverge.com/2021/7/2/22560435/microsoft-printnightmare-windows-print-spooler-service-vulnerability-exploit-0-day . live .