Microsoft’s PrintNightmare Vulnerability

13th July 2021 | Blog Microsoft’s PrintNightmare Vulnerability


microsoft printnightmare

Microsoft’s released an Out-Of-Band (OOB) emergency patch, affecting windows systems’ print-spooler subsystem. These printing issues are being called PrintNightmare by the media. The vulnerabilities are being tracked in CVE-2021-1675 and CVE-2021-34527. Print spoolers control printing on servers and workstations. Microsoft released this patch OOB (i.e. not on Patch Tuesday) because there have been reports of exploits in the wild leading to privilege escalation and remote access. However, in some cases, this patch also broke printing on receipt and label printers connecting through a USB port.

Printer Issues after Patching

For example, Zebra, the printer manufacturer confirmed many of its printing solutions stopped printing after any of PrintNightmare patches were installed (KB5004945, KB5004760, and KB5003690). Microsoft released a statement about these failed patches suggesting businesses take the following actions: 

“This [printing] issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy.”

[Editor comment: Did Microsoft just say: maybe a restart could help but they aren’t sure? Really?]

What Now?

First, ensure all your systems are fully patched and updated to the latest versions published by your manufacturer. Second, consider disabling the print spooler service until Microsoft re-releases patches to fix these issues. Third, if you’re not printing via USB connections, it may be okay to apply the existing patches and hope they don’t break your printing.

CyberHoot Recommended Practices to Secure your Business

Your company needs to take other proactive measures to reduce its chances of being a victim of a cyber attack. CyberHoot recommends the taking following steps to prepare for, limit damages, and sometimes avoid cyber attacks:

Start building your robust, defense-in-depth cybersecurity plan today with CyberHoot.

Sources:

Kaspersky

ZDNet

Microsoft

The Verge

Additional Readings: 

CNN – Microsoft Issues Security Warning

Bleeping Computer – PrintNightmare Security Updates

Advanced Reading:  Mitigating Controls for PrintNightmare

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

From Fear to Feedback: Report Phishing Channel Works Wonders

From Fear to Feedback: Report Phishing Channel Works Wonders

CyberHoot believes security awareness should feel positive, empowering, and rewarding. Traditional phishing...

Read more
Why Security Culture is Critical — And How CyberHoot Makes It Stick

Why Security Culture is Critical — And How CyberHoot Makes It Stick

In today’s cybersecurity landscape, breaches are rarely caused by a lack of technology. Instead, they stem from...

Read more
Top 10 Emerging AI-Based Threats Every Business Must Prepare For

Top 10 Emerging AI-Based Threats Every Business Must Prepare For

Artificial Intelligence (AI) is transforming productivity and efficiency, but it’s also arming cybercriminals...

Read more