Security News > 2021 > July > Microsoft struggles to wake from PrintNightmare: Latest print spooler patch can be bypassed, researchers say
So a RCE with #printnightmare on a fully patched server, with Point & Print enabled.
Mimikatz creator Benjamin Delpy, who is also responsible for the R&D Security Center at the Banque de France, shared a screenshot of a reversed-engineered Windows DLL with The Register and explained that the problem was down to how Microsoft was checking for remote libraries in its patch for PrintNightmare aka CVE-2021-34527.
Turning off the print spooler service on domain controllers and systems that do not print is the official guidance from Uncle Sam.
In short, disable the vulnerable the print spooler service on your Windows systems to prevent exploitation.
It may find itself having to push out a patch to patch the patch, in true Microsoft style.
Check the above link for the Registry keys and other requirements for what Microsoft says is a secure deployment - or just switch off print spooler and be done with it.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/07/printnightmare_fix_fail/
Related news
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Microsoft's May Patch Tuesday update fails on some Windows 11 VMs (source)
- Microsoft ships emergency patch to fix Windows 11 startup failures (source)
- Microsoft patches the patch that put Windows 11 in a coma (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-02 | CVE-2021-34527 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 0.0 |