PrintNightmare: Windows Users Need To Install This Emergency Patch Right Now


Windows users, listen up. Microsoft has released an emergency patch for a critical security bug dubbed “PrintNightmare.” Per Microsoft, attackers can take advantage of this vulnerability to install malicious code, view or change a person’s data, or even “create new accounts with full user rights” — so download the fix sooner, rather than later.

The PrintNightmare bug — tracked by Microsoft under the name CVE-2021-34527 — targets Windows’ Print Spooler program that’s meant to communicate between a person’s device and their printer. Multiple security researchers have documented a loophole in this tech that would theoretically allow a bad actor to worm their way from the spooler system into a person’s Windows computer in order to give themselves admin or system-level rights to the device.

While the original proof-of-concept for this exploit was deleted, enterprising computer nerds forked multiple copies of the original code — meaning that it could easily fall into some bad actor’s hands. Soon after, Microsoft issued the emergency patch.

Microsoft’s release notes that “All versions of Windows are vulnerable,” but the company doesn’t have patches available for all Windows systems just yet. Windows 10 version 1607, Windows Server 2016, and Windows Server 2012 all still need patches, but Microsoft promised they would be released “soon.” Microsoft also published a series of queries that security and IT teams using Microsoft 365 Defender can use to hunt down Print Spooler vulnerabilities within their own networks.

If a patch isn’t available for your system yet, Microsoft also suggests just disabling your Print Spooler software entirely. Just note that this will keep you from being able to print remotely, according to the notice. If you want to keep printing locally, you’ll need to hook up your device directly to the printer in question.
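For admins who want to check a machine before deciding, here is an added example (not Microsoft's script and not part of the original article) that reports the Print Spooler service state and the Point and Print policy values, and offers an opt-in function that disables the service. It assumes an elevated PowerShell session, and it assumes that a nonzero `NoWarningNoElevationOnInstall` or `UpdatePromptSettings` value under the Point and Print policy key means the policy has been loosened; the function names are hypothetical.

```powershell
# Added example: audit one host for the Print Spooler workaround described above.
# Run from an elevated PowerShell session on the machine being checked.

function Get-SpoolerExposure {
    # Spooler is the service name of the Windows Print Spooler.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # Point and Print policy key. A missing key or value means "not configured".
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $pnp = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    $noWarn = 0
    $update = 0
    if ($pnp) {
        if ($null -ne $pnp.NoWarningNoElevationOnInstall) { $noWarn = $pnp.NoWarningNoElevationOnInstall }
        if ($null -ne $pnp.UpdatePromptSettings)          { $update = $pnp.UpdatePromptSettings }
    }

    [pscustomobject]@{
        Computer                      = $env:COMPUTERNAME
        SpoolerStatus                 = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        SpoolerStartType              = if ($svc) { [string]$svc.StartType } else { 'n/a' }
        NoWarningNoElevationOnInstall = $noWarn
        UpdatePromptSettings          = $update
        # Assumption: any nonzero value loosens the install/update prompts.
        PointAndPrintLoosened         = ($noWarn -ne 0) -or ($update -ne 0)
    }
}

function Disable-Spooler {
    # Opt-in workaround: stops printing from and through this machine.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}

$report = Get-SpoolerExposure
$report | Format-List

if ($report.SpoolerStatus -eq 'Running') {
    Write-Warning 'Print Spooler is running. If this host never prints, call Disable-Spooler.'
}
if ($report.PointAndPrintLoosened) {
    Write-Warning 'Point and Print policy values are nonzero; review the GPO for this host.'
}
```

Nothing is changed unless `Disable-Spooler` is called explicitly; to undo it, set the startup type back to Automatic and start the service.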

Comments

  • This patch has been bypassed already.

    It’s critical to disable the spooler on your domain controllers. Then other servers. Then workstations.

    Print servers though…..

    • it hasn’t been bypassed per se, the patch fixes the vulnerability only if “Point and Print” isn’t enabled. this is a GPO / reg key which is normally not enabled

      with that said, it’s still much better to just disable the Print Spooler service on anything but print servers… as for workstations, well that’s another ball game, i think any regular users who don’t ever print should just disable the service
