Microsoft fixes PrintNightmare vulnerability but leaves it open to local attacks

Microsoft fixes PrintNightmare vulnerability but leaves it open to local attacks

Something's missing.


Microsoft fixes PrintNightmare vulnerability but leaves it open to local attacks - image1
(Image credit: Pixabay - mohamed_hassan)

Microsᴏꜰt hᴀs ɢᴏne ᴏᴜᴛ ᴏꜰ ɪᴛs ᴡᴀʏ tʜɪs ᴡᴇek ᴛᴏ fix a vulnerabilɪᴛy ᴋɴᴏᴡn ᴀs 'PrɪɴtNightmᴀʀᴇ'. First ᴏꜰficiᴀʟʟy acᴋɴᴏᴡlᴇᴅɢᴇd ʙʏ Microsᴏꜰt ᴏɴ July 1, accᴏʀdɪɴg ᴛᴏ Compʟᴇᴛe I.T. Bʟᴏɢ, tʜᴇ vulnerabilɪᴛy ᴍᴇᴀɴt ᴀɴy ɪɴstᴀɴces wʜᴇre Microsᴏꜰt Wɪɴᴅᴏws Prɪɴt Spooler servɪᴄᴇ wᴀs ʀᴜɴnɪɴg, a PC ᴡᴏᴜʟᴅ ʙᴇ ʟᴇꜰᴛ ᴏᴘᴇɴ ᴛᴏ ᴀᴛtackers, ᴡʜᴏ ᴄᴏᴜʟᴅ remotely exeᴄᴜᴛe malicioᴜs code ᴀᴛ ᴡɪʟʟ.

The news of a fix to the vulnerability, filename CVE-2021-34527, came to our attention via @Msftsecresponse on Twitter:

Microsoft has released updates to protect against CVE-2021-34527. Please see: https://t.co/QZATXCPXnxJuly 6, 2021

See more

Printers are a relatively common target for hackers trying to take control of machines, and once they find themselves with system privileges, they can easily shuffle your data, delete or copy important files, even create new accounts with admin rights, along with countless other sneaky activities.

Perfect peripherals

Microsoft fixes PrintNightmare vulnerability but leaves it open to local attacks - image2

(Image credit: Colorwave)

Best gaming mouse: the top rodents for gaming
Best gaming keyboard: your PC's best friend...
Best gaming headset: don't ignore in-game audio

With one of the only workarounds being the system admin manually disabling the Print Spooler service—unhelpful if you need to use it on a daily basis—it comes as a great relief that Microsoft has finally rolled out a patch.

But the patch isn't a full fix, leaving Print Spooler users open still to local attacks. As noted by Tijs Hofmans over at tweakers, "It is still possible to perform a local privilege escalation. To prevent this, users can disable the Point&Print functionality."

You can find the Microsoft Windows Print Spooler security updates for here, anyway. Just be aware of any dodgy looking, probably hood-wearing characters using your local network. That's what hackers look like, right?

Author's other posts