Microsoft urges Windows users to submit an update immediately after security researchers find that the system has been compromised.
Investigators wrote on Twitter in late May that they found a risk in Print Spooler, allowing more users to access the printer. They accidentally published proof-of-concept online and removed it – but not before it was published elsewhere online, including developer site GitHub.
Microsoft has warned that malicious hackers can install, view, and delete data or create new user accounts with full user rights. That gives hackers enough control and control over your PC to do a lot of damage.
Windows 10 is not the only version affected – Windows 7, Microsoft, which terminated support last year, is also under threat.
Although it has announced that it will not be releasing Windows 7 updates, Microsoft has released a 12-year version of its operating system, underscoring the seriousness of the PrintNightmare error. Updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 are “expected soon,” it said.
“We recommend that you install these updates as soon as possible,” the company said.
If there is good news that the current security update is compiling, that means it also contains previous fixes for previous security issues.
It is the latest in a series of security alerts from Microsoft over the past year and a half. The company was facing security issues, including in 2020 when the National Security Agency alerted Microsoft to a major flaw in its Windows system that could allow hackers to pretend to be legitimate software companies. And this year, hundreds of thousands of Exchange users are being targeted after four crashes in its software allow hackers to access email and calendar service servers. Microsoft has also been the victim of damaging SolarWinds violations.
Significantly, Microsoft has not released a patch for Windows 11. Its brand new version, which will be released soon, is currently available for beta testers. Windows 11 comes six years after Microsoft last launched its Windows 10 operating system, a major update now running on 1.3 billion devices worldwide, according to CCS Insight.
Microsoft says emergency security updates released earlier in the week have put the PrintNightmare Print Spooler at risk on all supported Windows versions and urges users to start using the updates as soon as possible.
This specific guidance comes after security researchers set a signal that it is incomplete after discovering that OOB security updates may be exceeded in certain circumstances.
“Our research has shown that OOB security upgrades are well-designed and effective compared to known print printing practices and other public collective reports called PrintNightmare,” explains the Microsoft Security Response Center.
“All of the reports we investigated were subject to a change in the default registry setting related to Point and Print to make it less accurate.”
Microsoft Clarified PrintNightmare guidance
Microsoft has updated the PatchNightmare patch guide and now encourages customers to update as soon as possible.
These are just some of the steps needed to mark this serious vulnerability of Windows Print Spooler RCE as shared by Microsoft:
- In all cases, use the CVE-2021-34527 safety update. Updates will not change existing subscription settings
- After installing the security update, update the registration settings listed in CVE-2021-34527 advice
- If the registered registration keys are missing, no further action is required
- If the registration keys are available, to protect your system, you must ensure that the following registration keys are set to 0 (zero) or missing:
- HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows NT \ Printers \ PointAndPrint
- NoWarningNoElevationOnInstall = 0 (DWORD) or unspecified (default setting)
- UpdatePromptSettings = 0 (DWORD) or unspecified (default setting)
- Further details and additional guidance can be found in the helpful text of KB5005010 and the safety advice of CVE-2021-34527.
How to install the PrintNightmare security updates
You can find detailed steps on how to incorporate these emergency security updates into the support documents attached below:
- Windows 10, version 21H1 (KB5004945)
- Windows 10, version 20H2 (KB5004945)
- Windows 10, version 2004 (KB5004945)
- Windows 10, version 1909 (KB5004946)
- Windows 10, version 1809 and Windows Server 2019 (KB5004947)
- Windows 10, version 1607 and Windows Server 2016 (KB5004948)
- Windows 10, version 1507 (KB5004950)
- Windows Server 2012 (Monthly Rollup KB5004956 / Security only KB5004960)
- Windows 8.1 and Windows Server 2012 R2 (Monthly Rollup KB5004954 / Security only KB5004958)
- Windows 7 SP1 and Windows Server 2008 R2 SP1 (Monthly Rollup KB5004953 / Security only KB5004951)
Windows Server 2008 SP2 (Monthly Rollup KB5004955 / Security only KB5004959)
If you can’t quickly install security updates on your systems, you can disable the Windows Print Spooler app to temporarily reduce your PrintNightmare risk.
On Thursday night, Microsoft also released an emergency fix to address printing issues affecting the Zebra and Dymo receipt or label printers due to changes introduced in the preview of the June 2021 collection with KB5003690, KB5004760, and the recently released KB500494545.
These fixes are released with Microsoft’s Known Issue Rollback (KIR) feature of Microsoft, which presses for fixes known problems with Windows Update and should reach the most affected systems within 24 hours (restarting the computer can also speed up the process.)