Security News > 2021 > September > Fix network printing or keep Windows secure? Admins would rather disable PrintNightmare patch

Microsoft's Patch Tuesday update last week was meant to fix print vulnerabilities in Windows but also broke network printing for many, with some admins disabling security or removing the patch to get it working.

Microsoft's fix was in two phases, first to add a registry setting to increase the authorization level for remote access to printers and second, to inform admins that "The release transitions into the enforcement phase on September 14, 2021. Enforcement phase enforces the changes to address CVE-2021-1678 by increasing the authorization level without having to set the registry value." That September date was "Patch Tuesday" last week - though some admins were already having issues with network printing caused by Microsoft's other mitigation efforts.

The print nightmare escalated in June when researchers discovered that the print spooler privilege execution vulnerability meant that a compromise of one desktop PC in a network could result in an attacker getting domain administration privileges, since the print spooler runs by default on servers including domain controllers.

It appears that Microsoft has so far been unable to fix the vulnerabilities in Windows network printing by patching the code and has focused instead on tightening the security around it.

A typical Windows network has printers of varying age, from various vendors, with various levels of support.

Relevant factors include the way in which network printing is configured, the printer drivers used both on client and server, the version of Windows and its patch level, and the GPOs applied to the PCs. The type of printer driver called V4 is preferred for security but must be installed on the client.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/21/microsoft_printnightmare/