Microsoft Warns of “PrintNightmare,” an Unpatched, Actively Exploited Flaw in the Windows Print Spooler Service

Tsing

The FPS Review
Staff member
Joined
May 6, 2019
Messages
12,268
Points
113
windows-10-hero-wallpaper-red-1024x576.jpg
Image: Microsoft



Microsoft has published an advisory pertaining to a new Windows print spooler remote code execution vulnerability that leverages code present in all versions of the operating system. Appropriately dubbed “PrintNightmare,” the vulnerability allows attackers to remotely execute code with system privileges, letting them install programs, delete data, and create accounts with full user rights. Microsoft has confirmed that the vulnerability is being actively exploited, but while there doesn’t seem to be an official fix yet, 0patch is offering temporary patches for Windows users who’d like to address the zero-day straight away. Other options include disabling the Print Spooler service or disabling inbound remote printing through Group Policy.



Microsoft has assigned CVE-2021-34527 to the remote code execution vulnerability that affects Windows Print Spooler...
Click to expand...

Continue reading...
 
Last edited by a moderator:
ahh, print spooler. . .one of the single most things I've seen that have issues in Windows 10. Whether it was caused by a crappy driver that Windows pulled from its own repository after an update or a PDF gone sideways causing the service to get clogged, and then tie up one of our network printers, and need extra effort to delete. Now this, oh joy.
 
I can't exactly disable remote printing since a large portion of our client base and employees print remotely.

This is a big problem though. They better get a fix out pronto.
 
Ugh...

Why is "inbound remote printing" even something enabled by default on a machine that is not a print server?

Did we forget the universal rule of computer security? Everything defaults to "off" and stays that way unless explicitly needed...
 
Zarathustra said:
Ugh...

Why is "inbound remote printing" even something enabled by default on a machine that is not a print server?

Did we forget the universal rule of computer security? Everything defaults to "off" and stays that way unless explicitly needed...
Click to expand...
The new way is that you are opted in to everything automatically, and even if you manage to turn it off through some voodoo magic the next windows update will turn it right back for you.
 
MadMummy76 said:
The new way is that you are opted in to everything automatically, and even if you manage to turn it off through some voodoo magic the next windows update will turn it right back for you.
Click to expand...
Sad but true and not just Windows either.
 
You must log in or register to reply here.
Become a Patron!
Back
Top