
  • Out of band for Print Nightmare is out

    Posted on July 6th, 2021 at 16:22

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

    Remember the print nightmare post from the other day?  Microsoft has released out of band updates to fix the issue.

    “CVE updated to announce that Microsoft is releasing an update for several versions of Windows to address this vulnerability. Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012. Security updates for these versions of Windows will be released soon. Other information has been updated as well. This information will be updated when more information or updates are available.”

    If you are a home user, I don’t see a need to rush this patch on. If you are an MSP or IT professional, and you haven’t already disabled the print spooler on your domain controllers – look for these updates. (I don’t think they’ve been fully posted yet.)

    https://support.microsoft.com/en-us/topic/31b91c02-05bc-4ada-a7ea-183b129578a7

    “Prior to installing the July 6, 2021, and newer Windows Updates containing protections for CVE-2021-34527, the printer operators’ security group could install both signed and unsigned printer drivers on a printer server. After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.”

    Edit on 7/7/2021:  Seeing it start to trend that Zebra label printers can’t print after installing this update.  I’m going to flip DefCon to 2 to be safe.

    Edit on 7/7/2021 12:10:  Lawrence from BleepingComputer indicates that the patch doesn’t fully protect from “local privilege escalation” attacks.  If you have enabled any “Point and print” options you may still be vulnerable even with the update installed.  “To bypass the patch and achieve RCE and LPE, a Windows policy called ‘Point and Print Restrictions’ must be enabled, and the ‘When installing drivers for a new connection’ setting configured as ‘Do not show warning on elevation prompt.’”  Note I have not done this on any local printer or network printer under my control – so my guess is that most of us won’t have to worry about this corner case.

    Edit 7/10/2021: Microsoft is saying that the issue with USB-based label printers (Zebra and Duo) isn’t caused by this specific update but by earlier updates, and we just didn’t realize it. They have implemented the “known issue rollback” process, where the non-security bits causing the issue are automatically rolled back.
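
A local audit for the two conditions discussed above (the Point and Print setting from the 7/7 edit and a running print spooler), as an added example that is not part of the original post. The registry key and value names are the ones Microsoft documents for the Point and Print Restrictions policy and do not appear in the post; the script also checks the companion "updating drivers" prompt value, which goes beyond the single setting the post quotes.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Assumption: policy values live under the key below (per Microsoft's
# CVE-2021-34527 guidance); absent or 0 means prompts are still shown.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$findings = @()

# NoWarningNoElevationOnInstall -> "When installing drivers for a new connection"
# UpdatePromptSettings          -> "When updating drivers for an existing connection"
foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
    $value = Get-PolicyDword -Path $key -Name $name
    $safe  = ($null -eq $value) -or ($value -eq 0)
    $findings += [pscustomobject]@{
        Check  = "PointAndPrint\$name"
        Value  = if ($null -eq $value) { 'not set' } else { $value }
        Status = if ($safe) { 'OK' } else { 'REVIEW: warning/elevation prompt suppressed' }
    }
}

# Spooler state: a stopped service that is not Disabled can be started again,
# so report both the current state and the start mode.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
if ($svc) {
    $off = ($svc.State -ne 'Running') -and ($svc.StartMode -eq 'Disabled')
    $findings += [pscustomobject]@{
        Check  = 'Print Spooler service'
        Value  = "$($svc.State) / $($svc.StartMode)"
        Status = if ($off) { 'OK (disabled)' } else { 'REVIEW if this is a domain controller' }
    }
}

$findings | Format-Table -AutoSize
```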