Microsoft releases emergency security fix for PrintNightmare flaw — what to do
Microsoft today (July 6) pushed out an emergency patch to fix the very serious print-spooler flaw that was disclosed last week by accident.
The flaw, commonly known as “PrintNightmare” but catalogued as CVE-2021-34527, lets hackers remotely seize control of any Windows system. Servers and enterprise Windows deployments are especially vulnerable to attacks using this flaw, but any computer running Windows 7 through the latest version of Windows 10 can be hit.
What you need to do
To install today’s update, run Windows Update on your Windows 10, 8.1 or 7 machine. Windows 10 users will see an update notice referring to knowledge base (KB) article KB5004940, KB5004945, KB5004946 or KB5004947, depending on their build. For Windows 8.1, the knowledge base references are KB5004954 and KB5004958; Windows 7 gets KB5004951 or KB5004953. There’s more information in this Microsoft security bulletin.
After the update has been downloaded, you’ll be prompted to restart your machine to install the patch.
Don’t want the patch? Here’s what to do
If you’re truly leet and you think you don’t need to install the patch, find out by firing up PowerShell and typing in “Get-Service -Name Spooler” to see if the print spooler is running at all. (If you regularly print documents, it probably is. If you don’t know what PowerShell is, don’t do this.)
You can disable Print Spooler by typing the following into PowerShell, in order:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
However, as Microsoft warns, “disabling the Print Spooler service disables the ability to print both locally and remotely.” If you’re a serious gamer who hasn’t touched a piece of paper in three years, that may not matter.
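To see where a machine stands on both counts, the Print Spooler state and the KB numbers listed above, the following script is an added example, not code from this article or from Microsoft. It assumes Windows PowerShell 5.1; the function name Get-SpoolerExposure is hypothetical, and because later cumulative updates replace these KBs, a missing KB means "check Windows Update", not "definitely unpatched".

```powershell
# Added example: local check for the two things the article covers.
# KB numbers are the ones listed in the article; nothing here changes the system.
$ArticleKbs = @(
    'KB5004940', 'KB5004945', 'KB5004946', 'KB5004947'  # Windows 10
    'KB5004954', 'KB5004958'                            # Windows 8.1
    'KB5004951', 'KB5004953'                            # Windows 7
)

function Get-SpoolerExposure {   # hypothetical helper name
    param([string[]]$KbIds = $ArticleKbs)

    # $null if the service does not exist on this machine
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # Installed updates whose ID matches one of the article's KBs
    $found = @(Get-HotFix -ErrorAction SilentlyContinue |
               Where-Object { $KbIds -contains $_.HotFixID } |
               ForEach-Object { $_.HotFixID })

    $running  = $svc -and $svc.Status -eq 'Running'
    $disabled = $svc -and $svc.StartType -eq 'Disabled'
    # A stopped service that is not disabled can still be started later
    $canRun   = $svc -and ($running -or -not $disabled)

    $verdict = if (-not $canRun) {
        'Print Spooler absent or disabled and stopped (no printing)'
    } elseif ($found.Count -gt 0) {
        'Print Spooler enabled; an article KB is installed'
    } else {
        'Print Spooler enabled; none of the article KBs found, check Windows Update'
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        SpoolerStatus = if ($svc) { $svc.Status } else { 'NotInstalled' }
        StartupType   = if ($svc) { $svc.StartType } else { $null }
        ArticleKbs    = $found -join ', '
        Verdict       = $verdict
    }
}

Get-SpoolerExposure | Format-List
```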
Everyone else will just want to install the patch so that they can keep on printing. However, there is a small downside to applying the patch; it will be harder for non-administrative users to install print drivers that are not “signed” by the manufacturer.
As the software that comes with most printers requires an administrator to install it anyhow, this should not be a huge setback. If you really want limited users to be able to install unsigned software on your machine (bad idea), then Microsoft shows you how to tweak the Registry to make that possible here.
Someday we’ll all laugh about this
The saga of PrintNightmare may seem funny in a few weeks, after everyone has patched their systems. The short version is that Microsoft fixed a very similar Print Spooler flaw in the June Patch Tuesday updates released June 8, and then raised the severity of that flaw on June 21.
A Hong Kong security firm saw that notice of severity escalation and assumed that Microsoft had fixed a flaw the security firm had (presumably) privately disclosed to Microsoft. The security firm had planned to publicly disclose the flaw at the Black Hat USA security conference in Las Vegas next month.
But after Microsoft seemed to have fixed it, the security firm on June 28 posted a proof-of-concept exploit — basically a demonstration of how to stage an attack using the flaw — on Twitter.
Whoops. Turns out Microsoft patched a different flaw, and the Hong Kong firm’s exploit worked just fine on fully patched systems.
The Hong Kong firm quickly deleted the tweet, but the secret was out, and Microsoft said it soon began to hear of the exploit being used “in the wild.” We have more on the story here.