The PrintNightmare Continues For Microsoft

Did you think that PrintNightmare was over because Microsoft released some patches to try and address it?

I’m here to tell you that it isn’t over.

Microsoft came up with a new “mitigation” which requires administrator privileges for Point and Print driver installation and update:

Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service. This change will take effect with the installation of the security updates released on August 10, 2021 for all supported versions of Windows, and is documented as CVE-2021-34481.

This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies this change. While not recommended, customers can manually disable this mitigation with a registry key, which is outlined in the following KB Article:

KB5005652 How to manage new Point and Print default driver installation behavior

But the fun doesn’t stop there. Microsoft has also dropped the news that a new Remote Code Execution vulnerability exists, tracked as CVE-2021-36958. What that means is that sysadmins are pretty much back to square one when it comes to protecting their infrastructure against PrintNightmare. And that doesn’t reflect well on Microsoft.
