Security News > 2021 > August > Microsoft fixes Windows Print Spooler PrintNightmare vulnerability
Microsoft has fixed the PrintNightmare vulnerability in the Windows Print Spooler by requiring users to have administrative privileges when using the Point and Print feature to install printer drivers.
In June, a security researcher accidentally disclosed a zero-day Windows print spooler vulnerability dubbed PrintNightmare.
Researchers quickly found that it was possible to exploit the Point and Print feature to install malicious print drivers that allowed low-privileged users to gain SYSTEM privileges in Windows.
Point and Print is a Windows feature that allows users to connect to a print server, even a remote Internet-connected one, and automatically download and install the server's printer drivers.
"Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service."
Microsoft strongly recommends that users do not disable this change as it "Will expose your environment to the publicly known vulnerabilities in the Windows Print Spooler service".
News URL
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser (source)
- Microsoft blocks Windows 11 24H2 on two ASUS models due to crashes (source)
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- Patching problems: The “return” of a Windows Themes spoofing vulnerability (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Microsoft wants $30 if you want to delay Windows 11 switch (source)