PrintNightmare

Summary

PrintNightmare is a critical security vulnerability affecting the Microsoft Windows operating system.[2][4] The vulnerability occurred within the print spooler service.[5][6] There were two variants, one permitting remote code execution (CVE-2021-34527), and the other leading to privilege escalation (CVE-2021-1675).[6][7] A third vulnerability (CVE-2021-34481) was announced July 15, 2021, and upgraded to remote code execution by Microsoft in August.[8][9]

PrintNightmare
CVE identifier(s): CVE-2021-1675, CVE-2021-34527
Date discovered: June 29, 2021
Date patched: July 6, 2021[1]
Discoverer: Sangfor[2][3]
Affected software: Microsoft Windows

On July 6, 2021, Microsoft started releasing out-of-band (unscheduled) patches attempting to address the vulnerability.[10] Due to its severity, Microsoft released patches for Windows 7, for which support had ended in January 2020.[10][11] The patches resulted in some printers ceasing to function.[12][13] Researchers have noted that the vulnerability has not been fully addressed by the patches.[14] After the patch is applied, only administrator accounts on a Windows print server will be able to install printer drivers.[15] Part of the vulnerability related to the ability of non-administrators to install printer drivers on the system, such as shared printers on systems without sharing password protection.[15]

The organization which discovered the vulnerability, Sangfor, published a proof of concept in a public GitHub repository.[3][16] Apparently published in error, or as a result of a miscommunication between the researchers and Microsoft, the proof of concept was deleted shortly after.[3][17] However, several copies have since appeared online.[3]

References

  1. "July 6, 2021—KB5004945 (OS Builds 19041.1083, 19042.1083, and 19043.1083) Out-of-band". Microsoft Support. Microsoft Corporation. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
  2. Valinsky, Jordan (July 9, 2021). "Microsoft issues urgent security warning: Update your PC immediately". CNN Business. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
  3. Corfield, Gareth (June 30, 2021). "Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller". The Register. Archived from the original on July 8, 2021. Retrieved July 11, 2021.
  4. "Microsoft fixes critical PrintNightmare bug". BBC News. July 7, 2021. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
  5. Winder, Davey (July 2, 2021). "New Critical Security Warning Issued For All Windows Versions As 'PrintNightmare' Confirmed". Forbes. Archived from the original on July 11, 2021. Retrieved July 11, 2021.
  6. "Security Update Guide - Microsoft Security Response Center". msrc.microsoft.com. Microsoft Corporation. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
  7. "Microsoft Releases Out-of-Band Security Updates for PrintNightmare". US-CERT. Cybersecurity and Infrastructure Security Agency. July 6, 2021. Archived from the original on July 7, 2021. Retrieved July 11, 2021.
  8. "More PrintNightmare: 'We TOLD you not to turn the Print Spooler back on!'". Naked Security. July 16, 2021. Retrieved September 7, 2021.
  9. "Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34481". msrc.microsoft.com. Retrieved September 7, 2021.
  10. "Out-of-Band (OOB) Security Update available for CVE-2021-34527 – Microsoft Security Response Center". Microsoft Security Response Center. Microsoft Corporation. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
  11. Sharwood, Simon (July 7, 2021). "Microsoft patches PrintNightmare – even on Windows 7 – but the terror isn't over". The Register. Archived from the original on July 8, 2021. Retrieved July 11, 2021.
  12. Smith, Adam (July 9, 2021). "Microsoft fixes huge security bug – and breaks people's printers". The Independent. Archived from the original on July 9, 2021. Retrieved July 11, 2021.
  13. Lawler, Richard (July 8, 2021). "The Windows update to fix 'PrintNightmare' made some printers stop working". The Verge. Vox Media. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
  14. Goodin, Dan (July 8, 2021). "Microsoft Keeps Failing to Patch the Critical 'PrintNightmare' Bug". Wired. Condé Nast. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
  15. Mackie, Kurt (July 9, 2021). "Microsoft Clarifies Its 'PrintNightmare' Patch Advice -- Redmondmag.com". Redmondmag. 1105 Media Inc. Retrieved July 11, 2021.
  16. Constantin, Lucian (July 8, 2021). "PrintNightmare Vulnerability Explained: Exploits, Patches, and Workarounds". ARN. IDG Communications. Archived from the original on July 8, 2021. Retrieved July 11, 2021.
  17. Warren, Tom (July 2, 2021). "Microsoft warns of Windows "PrintNightmare" vulnerability that's being actively exploited". The Verge. Vox Media. Archived from the original on July 9, 2021. Retrieved July 11, 2021.