Microsoft’s PrintNightmare Vulnerability

Microsoft’s released an Out-Of-Band (OOB) emergency patch, affecting windows systems’ print-spooler subsystem. These printing issues are being called PrintNightmare by the media. The vulnerabilities are being tracked in CVE-2021-1675 and CVE-2021-34527. Print spoolers control printing on servers and workstations. Microsoft released this patch OOB (i.e. not on Patch Tuesday) because there have been reports of exploits in the wild leading to privilege escalation and remote access. However, in some cases, this patch also broke printing on receipt and label printers connecting through a USB port.

Printer Issues after Patching

For example, Zebra, the printer manufacturer confirmed many of its printing solutions stopped printing after any of PrintNightmare patches were installed (KB5004945, KB5004760, and KB5003690). Microsoft released a statement about these failed patches suggesting businesses take the following actions: 

“This [printing] issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy.”

 

[Editor comment: Did Microsoft just say: maybe a restart could help but they aren’t sure? Really?]

What Now?

First, ensure all your systems are fully patched and updated to the latest versions published by your manufacturer. Second, consider disabling the print spooler service until Microsoft re-releases patches to fix these issues. Third, if you’re not printing via USB connections, it may be okay to apply the existing patches and hope they don’t break your printing.

CyberHoot Recommended Practices to Secure your Business

Your company needs to take other proactive measures to reduce its chances of being a victim of a cyber attack. CyberHoot recommends the taking following steps to prepare for, limit damages, and sometimes avoid cyber attacks:

Start building your robust, defense-in-depth cybersecurity plan today with CyberHoot.

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.