PrintNightmare: Microsoft Releases Fix [Cincinnati Microsoft Blog]
Cyber Strategy Session

PrintNightmare: Microsoft Releases Fix

PrintNightmare: Microsoft Releases Fix

Have you heard the news about the Print Nightmare? It’s a set of vulnerabilities in the Windows Print Spool, which hackers are using to gain control of your PC under certain conditions. It mainly affects the Windows Print Spooler, the software responsible for the printing process.

The vulnerability comprises two critical remote-code execution weaknesses, revealed in late June 2021. Security investigators accidentally distributed a Proof-of-Concept (PoC) exploit code, revealing the vulnerability. Although they deleted the code immediately, it was not before hackers had already forked it on GitHub.

Fortunately, Microsoft swiftly moved into action to provide a patch for the flaw, which the company rated as critical. It warned customers that hackers are exploiting the weakness actively, using remote code execution to install the program, create new accounts with full admin rights, and modify data.

The vulnerability is in all Windows versions, but it is not clear whether it can be exploited beyond the server versions of Windows. The Print Spooler service is a default program on Windows, including client versions of the Domain controllers, OS, and Windows Servers.

This is not the first Windows Print Spooler service flaw to happen. Such vulnerabilities have been a headache for system administrators for years. One infamous example was the Stuxnet virus that used multiple 0-day exploits to destroy Iranian nuclear centrifuges several years ago.

How Did It Happen?

The Print Nightmare began on June 29, 2021, when a PoC was dropped on GitHub, demonstrating how an attacker can exploit the flaw to take over an infected system. At that time, the bug was tracked as CVE-2021-1675. Although it was deleted immediately, hackers had already copied it, and it continues to be in circulation on the platform.

The response that followed soon turned into confusion. In its regular monthly updates, Microsoft set out to address what it thought was a minor flaw. It released the CVE-2021-1675 patch, and the listing was later updated in the week after it was established that the patch could be used for RCE.

Later in the week, Microsoft further complicated issues by dropping a notice for the Windows print Spooler Remote Code Execution Vulnerability. Although it appeared to be the same vulnerability, it came with a different CVE number; 2021-34527.

The Patch Release

Unfortunately, the patch that Microsoft released is not entirely effective. It doesn’t cover the entire problem or all affected systems. Consequently, the company is working on further remedies to release them at a later date. According to the federal government, more fixes are critical before Microsoft can assure customers of full protection on all affected Windows systems.

Microsoft issued patches for Windows Servers 2008, 2012, and 2019, Windows RT 8.1, Windows 8.1, and various versions of Windows 10. It even went as far as issuing a patch for Windows 7, which it officially stopped supporting in 2020.

However, the company is yet to issue a fix for Windows Server 2016, Windows Server 2012, and Windows 10 Version 1607. It says the updates will be available soon and recommends that users install these updates with immediate effect. The company also advised businesses to disable the Windows Print Spooler Service if that’s an option for them. They may also disable inbound remote printing.

The released out-of-band update addresses the 2021-34527 code, the second of the two bugs, leaving out the first bug, CVE-2021-1675. This could be because the two bugs were initially thought to be one flaw and have since been dubbed the Print Nightmare. The patch only seems to address the RCE variants of the bug yet does not fully cover the LPE- local privilege escalation code. This information came from the Cybersecurity Infrastructure and Security Administration (CISA), based on published data by the CERT Coordination Center.

Update Your Windows PC to Fix the Flaw

The patch for the Print Nightmare flaw is an easy one to install. However, not everyone may know the procedure to follow when sending documents to the printer through the spool service. This is critical in ensuring the PC stays safe. Research shows that there are potential problems with the available quick fix, which is why you may want to install any upcoming patches as soon as possible.

Option 1: Visit Windows Update

  • Visit the Start Menu
  • Click on the Settings icon,
  • On the Windows 10 settings app, click Update and Security
  • Click on Check for Updates to prompt the system to start looking for updates

If you’re on Windows’ latest version, make sure you see KB5004945 listed on the Windows Update to fix the flaw. This is the automatic patch that addresses the vulnerability in Windows 10, Windows 10 Home, Pro, and other versions.

Allow the OS to download the update and install it in the background. In a few minutes, your device will prompt you to restart it, upon which the patch will be in place.

On older versions of Windows 10, you should see KB5004946 or KB5004949 as the patch, depending on the specific version of Windows 10. In all cases, your PC should install it immediately and prompt a restart.

Option 2: Download the patch through the Microsoft Update CatalogĀ 

In the unusual event that you don’t find the patches through the option above, you can manually download the update by visiting The Microsoft Update Catalog. Ensure you search for the appropriate KB version, depending on the version of Windows 10 you’re using:

  • KB5004945 is for all the most recent versions of Windows 10
  • KB 5004949 for Windows 10, April 2018 Update
  • KB5004946 for Windows 10, November 2019 update
  • KB5004954 for Windows 8.1
  • KB5004953 for Windows 7

However, since all of these updates address the Print Nightmare and not part of the regular schedule, they should install automatically.

Microsoft Service Professionals In Cincinnati

It is common for hackers to target printers and printing services in Windows to access your PC. The Print Nightmare is one example of their recent hacking attempt. This tells you of the need to ensure that all parts of your business systems, networks, and devices are well protected.

There’s no better way to approach your business cybersecurity needs than with the help of an expert in the field. At 4BIS, we are here to help you with all your IT needs, including technical support, Microsoft Office 365 Support and managed IT services. Get in touch with us today, and we will look after all your Microsoft business technology in Cincinnati.

Author

  • James Forbis is a cybersecurity professional, business owner, and best selling author with over 30 years of experience in the IT industry. James is guided by a personal motto to never stop learning. That drive has pushed him to grow a company that is securing and supporting thousands of users. James is a Certified Ethical Hacker and he uses that to stay up to date with the emerging trends of cybersecurity and at the forefront of security for small and medium business.

    James' Amazon Author Page

    View all posts

Sign Up For Our Newsletter

Enter your email to receive the latest news and to learn about interesting events.