PrintNightmare bug in Windows allows remote code execution

Posted on Friday, July 02 2021 @ 15:03 CEST by Thomas De Maesschalck
Security researchers discovered a serious security flaw (CVE-2021-34527) in the Print Spooler Service of Microsoft's Windows operating system. The zero-day bug is present in all consumer and server versions of Windows and can be abused to execute code with system-level privilege. The Print Spooler Service is enabled by default on all systems.

Microsoft basically recommends disabling printing

Cybercriminals are actively exploiting the vulnerability and enterprises are at great risk. Microsoft is working on a patch; until it is ready, the software giant recommends disabling the Windows Print Spooler service or restricting inbound remote printing through Group Policy settings. Neither option is ideal for businesses. The first option makes it impossible to print locally and remotely, and the second option means it will no longer be possible to remotely print documents.

BleepingComputer has more info about mitigating the bug over here:
The available options include disabling the Print Spooler service to remove printing capability locally and remotely, or disabling inbound remote printing through Group Policy to remove remote attack vector by blocking inbound remote printing operations.

In the second case, Microsoft says that "the system will no longer function as a print server, but local printing to a directly attached device will still be possible."
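
The two workarounds above can be checked per host with a short PowerShell audit. This is an added example, not code from Microsoft, BleepingComputer or the original post. The function names are hypothetical, and the registry value used for the Group Policy setting is an assumption that does not appear on the page.

```powershell
# Added example. Run in an elevated PowerShell session on the host being checked.
# Get-SpoolerExposure and Disable-Spooler are hypothetical helper names.

function Get-SpoolerExposure {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # Assumption (not stated on the page): the Group Policy setting
    # "Allow Print Spooler to accept client connections" is stored in this
    # registry value, where 2 means disabled and 1 means enabled.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $val = (Get-ItemProperty -Path $key -Name RegisterSpoolerRemoteRpcEndPoint `
            -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint

    $running = [bool]($svc -and $svc.Status -eq 'Running')
    $policy  = if ($val -eq 2) { 'Disabled' }
               elseif ($val -eq 1) { 'Enabled' }
               else { 'NotConfigured' }

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        SpoolerStatus        = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        SpoolerStartup       = if ($svc) { "$($svc.StartType)" } else { 'n/a' }
        InboundPrintPolicy   = $policy
        # Option 1 applied: service stopped, no printing at all.
        LocalPrinting        = $running
        # Option 2 applied: service runs, but the policy blocks inbound clients.
        # A policy change only takes effect after the Spooler service restarts.
        AcceptsRemoteClients = $running -and ($policy -ne 'Disabled')
    }
}

function Disable-Spooler {
    # Option 1 from the article: stop the service and keep it from starting again.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
}

Get-SpoolerExposure | Format-List
# Disable-Spooler -WhatIf   # preview option 1; remove -WhatIf to apply it
```

A host that reports `AcceptsRemoteClients : True` has neither workaround in place.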
