Microsoft: PrintNightmare patch works

Microsoft has published a clarification regarding the patch for the vulnerability discovered in the Windows Print Spooler. Some security researchers had pointed out that the fix could be bypassed by the exploit. The Redmond company confirmed the effectiveness of the solution, also specifying the correct configuration of the functionality Point and Print (Select and Print). PrintNightmare: working patch The CVE-2021-34527 vulnerability patch is available for all versions of Windows, including those no longer supported, such as Windows 7. The bug can be exploited to execute remote code with SYSTEM privileges and therefore a series of actions, including installing programs, wiping data, and creating accounts with administrator rights. Some security researchers had published the details of the vulnerability, mistakenly thinking that it had been fixed with the patch of 8 June, but referred to a similar problem (CVE-2021-1675). update “Out-of-band” without waiting for the next Patch Tuesday (July 13th). However, installing the update, which also includes the fix for CVE-2021-1675, is not enough to be safe. Some registry settings related to Point and Print functionality need to be checked. After installing the patch, the user needs to check the values ​​of some registry keys. The value of the DWORD NoWarningNoElevationOnInstall and UpdatePromptSettings in HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft Windows NT Printers PointAndPrint must be 0 or undefined. If these keys do not exist, the system is not vulnerable. On computers that function as print servers they must also be set two restrictions for Point and Print functionality using the Local Group Policy Editor (gpedit.msc). The “Selection and printing restrictions” item in Computer Configuration> Administrative Templates> Printers must be enabled and for the options “When installing drivers for a new connection” and “When updating drivers for an existing connection” “Show warnings and requests for elevation of privilege“.Restrictions on selection and printingMicrosoft eventually confirmed that some printers do not work more after installing the patch. The issue was addressed via Known Issue Rollback (KIR).

Categories:   Security