Microsoft has fixed the Print Spooler vulnerability known as PrintNightmare. After a saga that includes a researcher accidentally disclosing a vulnerability, Microsoft issuing an emergency fix, and researchers finding a way around the fix, Microsoft has what is likely a final solution for the issue. Following the Windows 10 August 2021 Patch Tuesday security updates, the operating system will require people to have administrative privileges to install printer drivers with the Point and Print feature.
“Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks,” says Microsoft in a blog post.
Microsoft also explains that requiring higher privileges addresses the vulnerability:
Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service. This change will take effect with the installation of the security updates released on August 10, 2021 for all versions of Windows, and is documented as CVE-2021-34481.
When exploited, the PrintNightmare vulnerability allows users with low privileges to open a command prompt with SYSTEM privileges. This effectively gives people control over a device, creating security risks.
Organizations can change this new behavior to allow people without administrative privileges to be able to install printer drivers with Point and Print. Microsoft recommends against this, however, as “Disabling this mitigation will expose your environment to the publicly known vulnerabilities in the Windows Print Spooler service.”
We may earn a commission for purchases using our links. Learn more.