The PrintNightmare Continues For Microsoft

Did you think that PrintNightmare was over because Microsoft released some patches to try and address it?

I’m here to tell you that it isn’t over.

Microsoft came up with a new “mitigation” which requires administrator privileges for Point and Print driver installation and update:

Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service. This change will take effect with the installation of the security updates released on August 10, 2021 for all supported versions of Windows, and is documented as CVE-2021-34481.

This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies this change. While not recommended, customers can manually disable this mitigation with a registry key, which is outlined in the following KB Article:

KB5005652 How to manage new Point and Print default driver installation behavior

But the fun doesn’t stop there. Microsoft has also dropped the news that a new Remote Code Execution vulnerability exists, tracked as CVE-2021-36958. What that means is that sysadmins are pretty much back to square one when it comes to protecting their infrastructure against PrintNightmare. And that doesn’t reflect well on Microsoft.
