Microsoft is urging Windows users to immediately update their operating system with the latest security patch, starting with devices that currently host the print spooler service. Microsoft released the security update after researchers found a serious vulnerability in Windows, known as PrintNightmare which could allow multiple users to access a printer.
In May, researchers at cybersecurity company Sangfor said they had found vulnerabilities in the Windows Print Spooler service. They published a proof-of-concept online but deleted it after realising the mistake. However, the how-to guide for exploiting the vulnerabilities was published on other sites, including developer site GitHub.
On Tuesday, Microsoft released an Out-of-Band (OOB) security update for PrintNightmare in a cumulative update release, which means it contains all previous security fixes. The tech giant said that the update fully addresses the public vulnerability, and also includes a new feature that allows customers to implement stronger protections.
“We feel that it is important to provide security updates as quickly as possible for systems that we can confidently protect today,” the company said.
Before the patch update, the printer operators’ security group could install both signed and unsigned printer drivers on a printer server. After installing CVE-2021-34527 update, delegated admin groups like printer operators could only be able to install signed printer drivers and administrator credentials will be required to install unsigned printer drivers on a printer server.
Here are the two ways to resolve the flaw:
- Install the July 2021 Out-of-band update.
- Optionally configure the RestrictDriverInstallationToAdministrators registry value to prevent non-administrators from installing printer drivers on a print server.
After the installation of the ‘July 2021 Out-of-band update’, all users will either be administrators or non-administrators as delegates will no longer be honoured. Microsoft said that security updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 will be delayed for a short period but are “expected soon.”
