A couple months ago, a security flaw was discovered in Microsoft Windows Print Spooler service, known as PrintNightmare or CVE-2021-36958. The flaw allowed threat actors to escalate privilege to the systems level, creating the opportunity to install malware and create new accounts on Windows 10 machines.
Initially, Microsoft issued an emergency patch for Windows users, but security researchers soon discovered the patch failed to fix the underlying vulnerability.
Now, Microsoft has finally fixed the vulnerability with an update requiring users with admin rights to install print drivers.
Microsoft PrintNightmare patch requires admin privilege
The new patch came as part of the Microsoft Security Response Center (MSRC) update guide, but it will create some additional work for SysAdmins.
For many organizations using the Point and Print driver installation, end-users were previously able to install printer driver updates from a remote server; that responsibility now falls to administrators.
Here is a statement from Microsoft on the security update:
"Our investigation into several vulnerabilities collectively referred to as 'PrintNightmare' has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks.
We are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service."
Microsoft believes the security benefits strongly outweigh the costs, but it has provided a way to disable this mitigation with a registry key, allowing end-users to install printer updates, though it advises against this. It notes that by doing so, organizations would be exposed to publicly available threats.
For more information on the PrintNightmare vulnerability, visit the MSRC's page on the patch.
