Following the discovery of Windows 10 PrintNightmare vulnerabilities in July, Microsoft issued an update. It alters the default behavior of the operating system and stops certain end-users from accessing print drivers.
It is the most significant change in this month’s Patch Tuesday update for the issue CVE-2021-34481. It is known as PrintNightmare. Users will need administrative privileges to install print drivers, and the issue occurred here.
The issue, caused by a vulnerability in the Windows Print Spooler service, enables a local attacker to escalate privileges to the level of ‘system,’ which allows them to install malware and establish new accounts on Windows 10 computers.
The patch was released as part of Microsoft’s August 2021 Patch Tuesday update. It contained a fix for CVE-2021-36936. It is a specific Windows Print Spooler remote code execution vulnerability. However, Microsoft has given more details regarding the patch’s effect.
This update mitigates the publicly reported vulnerabilities in the Windows Print Spooler service, according to the Microsoft Security Response Center.
It is listed as CVE-2021-34481 and will take effect with the August 10, 2021 security patches for all supported versions of Windows.
What gets a fix
This vulnerability is not appropriate for your computer, data, or linked devices. These are the major fix –
- CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability
- CVE-2021-36942 Windows LSA Spoofing Vulnerability
- CVE-2021-36948 Windows Update Medic Service Elevation of Privilege Vulnerability
These are the three zero-day vulnerabilities being fixed, 44 exploits are also under scrutiny.
The issue with the update is that it may impact businesses with networked printers. It increases the burden on administrators who could previously allow end users to update printer drivers through a remote server. Microsoft, on the other hand, thinks the security advantages exceed the time costs.
Microsoft has described a registry entry that may be used to deactivate this protection, although it advises against doing so. It details the procedures in the knowledge base article KB5005652, which describes how it modifies default behavior on devices that do not support Point and Print or printing capabilities.
The August 10 upgrades prevent users who do not have administrative rights from installing new printers using drivers from a remote computer or service. Users do not even update existing printer drivers using drivers from a remote computer or server after they have been installed.
“If you don’t use Point and Print, you’ll be protected by default after installing updates issued August 10, 2021, or later,” Microsoft says. Microsoft cautions that altering the default exposes the business to public risks.
Microsoft Security Response Center warns that disabling this mitigation may expose your environment to publicly known vulnerabilities in the Windows Print Spooler service and that administrators should consider their security requirements before taking on this risk.
A major threat
Initially, Microsoft found and fixed the issue in a few days. But with this bug, Microsoft alerts the Windows users that hackers may exploit them. They can simply install malware, get admin privileges, and steal user data. It is a danger. At that time, Microsoft urges users to deactivate the print spooler service.
What is Print Spooler Service?
The print spooler service is a piece of software that comes pre-installed on Windows computers. This software’s function is to temporarily store a file in the computer’s memory before sending it to the printer for printing.
The best and highly recommended safety measure against all types of vulnerability is to update Windows. Whenever your system hangs or does not function properly, simply check for the Windows update. By checking for updates regularly, you can ensure your system’s safety.
I am extremely passionate about blogging, running websites, and creating content. I have managed to turn my passion into a profession, and blogging has managed to teach me a lot about technology and myself. I write blog posts, instruction manuals, news releases, and technical descriptions, and reviews for many websites such as mcafee.com/activate
Source: Microsoft Addresses the Critical ‘Printnightmare’ Bug
