Last week, a serious vulnerability was discovered in Windows that allows unauthorized access to large parts of the system. The vulnerability officially has a symbol CVE-2021-34527, but also called Printnightmare. What lies behind both the name and the problem is a bug print spoolerIn short, it is a Windows service that deals with printers and printouts. By exploiting the vulnerability, it is possible to run code with system rights, for example, to view, change or delete data or create new administrator accounts.
Microsoft then released a flash security update yesterday for a number of versions of Windows. One The full list is available on the Microsoft website, but it includes most variants of Windows 10, Windows 7, Windows 8 as well as 8.1 and Windows Server 2019 to name a few. It is recommended to install the security update immediately, but it seems that the nightmare is not over yet.
The security update seems to fix some, but not all, issues. The user displays it only hours after the start of the update Benjamin Delby on Twitter (via Ars Technica) how can printnightmare still be used.
A short video shows a sample system with Windows Server 2019 where the new security update is installed. With Point & Print, it is possible to get around the update and restore unauthorized access. This means that systems are still at risk of hacking, especially in large corporate environments where printer drivers and software are usually updated remotely.
Microsoft’s advice to those who cannot install the update for any reason is to disable it permanently print spoolerServices. However, this does mean that the device can no longer communicate with networked printers, not even over a local network, but it fully secures against any potential attack.