Friday, July 2nd 2021
Microsoft Acknowledges Severe, Unpatched, Actively Exploited Print Spooler Service Vulnerability "PrintNightmare"
Microsoft has acknowledged the existence of a severe and currently unpatched vulnerability in Windows' Print Spooler service (CVE-2021-34527). The vulnerability affects all versions of Windows and, according to Microsoft, is being actively exploited. Poetically named "PrintNightmare", the vulnerability was published earlier this week as a PoC (Proof of Concept) exploit by security researchers, who believed the flaw had already been addressed by Microsoft at the time of release (the company patched another Print Spooler vulnerability with the June 2021 security patch). The code was made public and quickly scrapped when developers realized it gave would-be bad actors access to an unpatched way into users' systems - but since it's the Internet, the code had already been forked on GitHub.
The vulnerability isn't rated by the Windows developer as of yet, but it's one of the bad ones: it allows attackers to remotely execute code with system-level privileges. This is the ultimate level of security vulnerability that could exist. Microsoft is currently investigating the issue and developing a patch; however, given the urgency in closing down this exploit, the company is recommending disabling the Windows Print Spooler service wherever possible, or at least disabling inbound remote printing through Group Policy. If you don't have a printer, just disable the service; if you do, please disable inbound remote printing through Group Policy as per the steps outlined in the image below.
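The "no printer, disable the service" advice above can be scripted. The following PowerShell is an added example, not code from Microsoft or from this article; the pattern used to ignore software-only print queues is an assumption and should be adjusted to your environment.

```powershell
#Requires -RunAsAdministrator
# Added example: audit the Print Spooler service and disable it only when
# the machine has no real printer queues.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: queues matching this pattern are software-only and do not
    # count as "having a printer".
    [string]$VirtualPrinterPattern = 'Microsoft Print to PDF|Microsoft XPS Document Writer|Fax|OneNote'
)

$spooler = Get-Service -Name Spooler -ErrorAction Stop

# Get-Printer needs a running spooler; if the service is already stopped
# there is nothing to enumerate.
$physical = @()
if ($spooler.Status -eq 'Running') {
    try {
        $physical = @(Get-Printer -ErrorAction Stop |
            Where-Object { $_.Name -notmatch $VirtualPrinterPattern })
    } catch {
        # Do not change a machine whose printer list could not be read.
        Write-Warning "Could not enumerate printers: $($_.Exception.Message)"
        return
    }
}

# Report the current state before changing anything.
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    SpoolerStatus = $spooler.Status
    StartType     = $spooler.StartType
    PrinterQueues = $physical.Name -join ', '
}

if ($physical.Count -gt 0) {
    Write-Warning 'Printer queues present: keep the service and restrict inbound remote printing through Group Policy instead.'
    return
}

if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    # Confirm the result: Status should be Stopped, StartType Disabled.
    Get-Service -Name Spooler | Select-Object Name, Status, StartType
}
```

Run it with `-WhatIf` first to see what would change without touching the service.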
Sources:
Microsoft Vulnerability guide, via The Verge, Image courtesy of The Hacker News
57 Comments on Microsoft Acknowledges Severe, Unpatched, Actively Exploited Print Spooler Service Vulnerability "PrintNightmare"
I mean to be fair, printers were and always have been a nightmare. lol
Yeah no need to be a server thanks for the heads up
And the fact that Windows 11 is still vulnerable to attack (which it will be given that it’s written in C and C++) suggests the onerous requirements (that will render many very capable systems obsolete) are an anti-consumer move by Microsoft.
Because if your system doesn’t pass the Windows 11 requirement, and you spend thousands of dollars to upgrade (thinking you need to do so in the name of ‘security’), your new shiny system would still be vulnerable to this zero day, and likely many other attacks.
So then, what is the point of rendering so many systems like Intel 7th and 6th gen (which apparently have TPM 2.0 firmware embedded into the processor) and some Ryzen first gen systems obsolete? The cost to upgrade far outweighs the security benefits (if any exist at all) gained by moving to Windows 11. Especially in this upside down market with high prices and shortages of key pieces of equipment. Hopefully you can see that.
We just disabled this on all AD controllers at work. It's not related, this is just another "I hate Windows 11" post.
Lots of insiders are using 11 some on main rigs so I believe that counts as relevant to the thread and a lot also have installed without all newer security features.
It will be Windows 13 before we actually have a cohesive TPM-based security system that will actually prevent gaping security holes like these from owning your system, and in the meantime my Haswell 4790k and Skylake 6500 systems tick all of the other Windows Eleventy requirements (both have a pcie 3.0 slot for installing an m.2 drive, bring-on the load speed-bump!)
There are still a few months before Win11 is out. The requirements can change, in fact they were changing days after they were announced. You still have until 2025 to run Win10, MS is not making your PC uses junk if you are not on Win11.
Now it's up to you to decide if you want the new feature and the price for the upgrade is worth it. You could do it very cheaply with second hand Ryzen 2000 and a b450 mobo. Currently, the only shortages are for GPUs. I can buy all other parts at about normal price.
Just think, it could give some users the incentive they need to take their printer out to a field with a baseball bat :laugh:
Yet another reason I am opposed to it.