Latest Microsoft Update Fully Resolves Windows PrintNightmare Vulnerabilities

Microsoft has released a security update addressing the PrintNightmare vulnerabilities. After this update, attackers will no longer be able to acquire administrator rights on Windows devices, the company stated.

PrintNightmare (CVE-2021-34527), a zero-day Windows print spooler vulnerability, was unintentionally disclosed in June this year. Attackers could abuse the Windows Point and Print feature to gain remote code execution and local SYSTEM rights.

Earlier, Microsoft launched two security patches to address different PrintNightmare flaws. However, another vulnerability (CVE-2021-36958), disclosed publicly by security researcher Benjamin Delpy, still allowed threat actors to obtain SYSTEM access through a remote print server.

To complicate matters, ransomware gangs including Vice Society, Conti, and Magniber started using the vulnerability to escalate privileges on compromised computers.

The latest security patch, released by Microsoft on September 14th, contains a fix for CVE-2021-36958, the remaining PrintNightmare vulnerability.

After testing his attack against the latest security update, Delpy verified that the flaw had been patched. He also stated that Microsoft had disabled the CopyFiles function by default, with an undocumented group policy allowing administrators to re-enable it.

You can configure this policy in the Windows Registry by adding a value named CopyFilesPolicy to the HKLM\Software\Policies\Microsoft\Windows NT\Printers key. Setting the value to ‘1’ re-enables CopyFiles.

Even after enabling the feature, users can only use it with Microsoft’s C:\Windows\System32\mscms.dll file.

Because this modification affects Windows’ default behavior, it’s unknown what problems it will cause with printing tasks in Windows.
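For administrators who want to confirm whether CopyFiles has been re-enabled on a host, the following PowerShell audit reads the registry value described above. It is an added example, not code from Microsoft or from the original article; the function name `Get-CopyFilesPolicyState` and the wording of the state strings are assumptions, and only the value ‘1’ is interpreted because that is the only setting the article describes.

```powershell
# Added example: audit the CopyFilesPolicy value described in the article.
# Get-CopyFilesPolicyState is a hypothetical helper name, not a built-in cmdlet.
function Get-CopyFilesPolicyState {
    [CmdletBinding()]
    param(
        # Key path and value name as given in the article.
        [string]$KeyPath   = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers',
        [string]$ValueName = 'CopyFilesPolicy'
    )

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        KeyPresent   = $false
        ValuePresent = $false
        Value        = $null
        # Assumes the September 14th update is installed on this host.
        State        = 'Not set (default after the update: CopyFiles disabled)'
    }

    # The policy key may not exist at all on a host with no printer policies.
    if (Test-Path -LiteralPath $KeyPath) {
        $result.KeyPresent = $true
        $key = Get-Item -LiteralPath $KeyPath

        # Check the value names first so a missing value is not confused with $null data.
        if ($key.GetValueNames() -contains $ValueName) {
            $result.ValuePresent = $true
            $result.Value = $key.GetValue($ValueName)

            if ("$($result.Value)" -eq '1') {
                $result.State = 'CopyFiles re-enabled by policy'
            } else {
                # The article only documents the value 1; report anything else for review.
                $result.State = 'Value present but not 1 (behaviour not described in the article)'
            }
        }
    }

    [pscustomobject]$result
}

# Report the state of the local machine.
Get-CopyFilesPolicyState | Format-List
```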

In addition to the PrintNightmare flaw, today’s patches also address a widely exploited Windows MSHTML zero-day bug.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.