Microsoft has released an emergency security patch for the dangerous PrintNightmare zero-day vulnerability affecting the Windows Print Spooler service. The patch, released outside of Microsoft's normal security patch release window, will come as a great relief to the millions of businesses and organizations around the world attempting to mitigate this issue.
Microsoft Releases Critical Security Patch for PrintNightmare
Microsoft’s security patch comes not a moment too soon.
The PrintNightmare zero-day exploit (CVE-2021-34527) is a remote code execution vulnerability. This means that if an attacker were to exploit the vulnerability, they could theoretically execute malicious code on a target system.
Now, Microsoft has released security patches to fix the issue, covering all active Windows 10 versions (and even some no longer active, such as Windows 10 version 1507) along with Windows 8.1 and Windows 7.
There are a few notable exceptions, however, such as Windows 10 version 1607, Windows Server 2016, and Windows Server 2012, but Microsoft will undoubtedly release patches for these versions too.
How to Install Critical PrintNightmare Security Patch
For those running Windows 10, installing the PrintNightmare security patch is a simple process and works similarly to any other security patch.
- Press Windows key + I to open the Settings menu
- Head to Update & Security > Windows Update
- Select Check for updates. Download and install the latest update, then restart your system.
Microsoft Previously Announced PrintNightmare Mitigations
Prior to releasing the security patch, Microsoft released a series of PrintNightmare mitigations, primarily focused on disabling the affected Print Spooler service.
There are two ways organizations can disable the Print Spooler service: via PowerShell or through Group Policy.
PowerShell
- Open PowerShell.
- Input Stop-Service -Name Spooler -Force
- Input Set-Service -Name Spooler -StartupType Disabled
Group Policy
- Open the Group Policy Editor (gpedit.msc)
- Browse to Computer Configuration / Administrative Templates / Printers
- Locate the Allow Print Spooler to accept client connections policy
- Set the policy to Disabled, then select Apply
Microsoft isn’t the only organization advising users to switch print spooling services off where possible. CISA also released a statement advising a similar policy, encouraging “administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print.”
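To confirm on a given machine that either mitigation above is actually in place, the following added example (not Microsoft's code and not part of the original article) reads the Spooler service state and the registry value behind the Group Policy setting. The function name Get-SpoolerMitigationState is hypothetical, and the registry path and value name are where Windows stores this policy; they do not appear in the article.

```powershell
# Added example: report whether the two Print Spooler mitigations described
# above are in effect on the local machine. Read-only; changes nothing.
function Get-SpoolerMitigationState {
    [CmdletBinding()]
    param()

    # Mitigation 1: Spooler service stopped and its startup type set to Disabled.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" -ErrorAction SilentlyContinue
    $serviceOff = ($null -eq $svc) -or ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')

    # Mitigation 2: "Allow Print Spooler to accept client connections" policy.
    # Windows stores the policy in this registry value: 1 = enabled, 2 = disabled.
    # A missing value means the policy was never configured.
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $name  = 'RegisterSpoolerRemoteRpcEndPoint'
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $policy = if ($value -eq 2) { 'Disabled' }
              elseif ($value -eq 1) { 'Enabled' }
              else { 'Not configured' }

    # One object per machine so results can be collected and filtered.
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServiceState      = if ($svc) { $svc.State } else { 'Not installed' }
        ServiceStartMode  = if ($svc) { $svc.StartMode } else { 'n/a' }
        ServiceDisabled   = $serviceOff
        ClientConnections = $policy
        MitigationInPlace = $serviceOff -or ($policy -eq 'Disabled')
    }
}

Get-SpoolerMitigationState | Format-List
```

The check reports configured state only: a service left in Manual start mode, or a policy shown as Not configured, counts as unmitigated here even if the service happens to be stopped at the moment.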
The zero-day exploit at the root of the issue almost never was. Instead, the PrintNightmare proof-of-concept was revealed accidentally then deleted almost instantaneously—but not before it had been forked and copied into the wild.
We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait our Blackhat talk. https://t.co/heHeiTCsbQ
— zhiniang peng (@edwardzpeng) June 29, 2021
For now, the mitigation remains the same until you can download and install Microsoft’s official security patches.