PrintNightmare is a critical security vulnerability affecting the Microsoft Windows operating system.[2][5] The vulnerability occurred within the print spooler service.[6][7] There were two variants, one permitting remote code execution (CVE-2021-34527), and the other leading to privilege escalation (CVE-2021-1675).[7][8] A third vulnerability (CVE-2021-34481) was announced July 15, 2021, and upgraded to remote code execution by Microsoft in August.[9][10]

CVE identifier(s) | CVE-2021-1675, CVE-2021-34527, CVE-2021-34481 |
---|---|
Date discovered | June 29, 2021 |
Date patched | July 6, 2021[1] |
Discoverer | Sangfor[2][3] |
Affected software | Microsoft Windows 7, 8, 8.1, 10, 11; Microsoft Windows Server 2008, 2012, 2012 R2, 2016, 2019, 2022[4] |

On July 6, 2021, Microsoft started releasing out-of-band (unscheduled) patches attempting to address the vulnerability.[11] Due to its severity, Microsoft released patches for Windows 7, for which support had ended in January 2020.[11][12] The patches resulted in some printers ceasing to function.[13][14] Researchers have noted that the vulnerability has not been fully addressed by the patches.[15] After the patch is applied, only administrator accounts on a Windows print server will be able to install printer drivers.[16] Part of the vulnerability related to the ability of non-administrators to install printer drivers on the system, such as shared printers on systems without password-protected sharing.[16]
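
A host-side check for the patch state described above, as an added example that is not part of the original article: it compares the local build revision with the OS builds named in the KB5004945 reference cited here (19041.1083, 19042.1083, 19043.1083) and reports the Print Spooler service state. The function, variable and output property names are this example's own; other Windows versions received different updates that this page does not list, so they are reported as not covered.

```powershell
# Added example, not from the article. Build numbers and the KB id come from the
# KB5004945 reference cited on this page; all other names are this example's own.
$KbId            = 'KB5004945'
$CoveredBuilds   = 19041, 19042, 19043   # OS builds named in that reference
$PatchedRevision = 1083                  # revision shipped on July 6, 2021

function Test-OobBuildLevel {
    # Returns $true/$false for covered builds, $null when this KB does not apply.
    param([int]$Build, [int]$Revision)
    if ($CoveredBuilds -notcontains $Build) { return $null }
    return ($Revision -ge $PatchedRevision)
}

# Local build and update revision (UBR), e.g. 19042 and 1083 for 19042.1083.
$cv       = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build    = [int]$cv.CurrentBuild
$revision = [int]$cv.UBR

# A later cumulative update supersedes the KB, so the hotfix lookup can be empty
# on a patched host; the build revision is the authoritative signal.
$hotfix  = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

$atLevel = Test-OobBuildLevel -Build $build -Revision $revision
$status = if ($null -eq $atLevel) {
    'NotCoveredByThisKB'
} elseif ($atLevel) {
    'AtOrAbovePatchedBuild'
} else {
    'BelowPatchedBuild'
}

# One record per host, suitable for Export-Csv when run across a fleet.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    OsBuild        = "$build.$revision"
    PatchLevel     = $status
    HotFixListed   = [bool]$hotfix
    SpoolerStatus  = if ($spooler) { $spooler.Status } else { 'NotInstalled' }
    SpoolerStartup = if ($spooler) { $spooler.StartType } else { $null }
}
```

A host reported as `AtOrAbovePatchedBuild` with the spooler running still warrants review, since researchers noted that the patches did not fully address the vulnerability.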
The organization which discovered the vulnerability, Sangfor, published a proof of concept in a public GitHub repository.[3][17] Apparently published in error, or as a result of a miscommunication between the researchers and Microsoft, the proof of concept was deleted shortly after.[3][18] However, several copies have since appeared online.[3]
References

1. "July 6, 2021—KB5004945 (OS Builds 19041.1083, 19042.1083, and 19043.1083) Out-of-band". Microsoft Support. Microsoft Corporation. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
2. Valinsky, Jordan (July 9, 2021). "Microsoft issues urgent security warning: Update your PC immediately". CNN Business. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
3. Corfield, Gareth (June 30, 2021). "Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller". The Register. Archived from the original on July 8, 2021. Retrieved July 11, 2021.
4. "Security Update Guide - Microsoft Security Response Center". msrc.microsoft.com. Retrieved June 17, 2024.
5. "Microsoft fixes critical PrintNightmare bug". BBC News. July 7, 2021. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
6. Winder, Davey (July 2, 2021). "New Critical Security Warning Issued For All Windows Versions As 'PrintNightmare' Confirmed". Forbes. Archived from the original on July 11, 2021. Retrieved July 11, 2021.
7. "Security Update Guide - Microsoft Security Response Center". msrc.microsoft.com. Microsoft Corporation. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
8. "Microsoft Releases Out-of-Band Security Updates for PrintNightmare". US-CERT. Cybersecurity and Infrastructure Security Agency. July 6, 2021. Archived from the original on July 7, 2021. Retrieved July 11, 2021.
9. "More PrintNightmare: 'We TOLD you not to turn the Print Spooler back on!'". Naked Security. July 16, 2021. Retrieved September 7, 2021.
10. "Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34481". msrc.microsoft.com. Retrieved September 7, 2021.
11. "Out-of-Band (OOB) Security Update available for CVE-2021-34527 – Microsoft Security Response Center". Microsoft Security Response Center. Microsoft Corporation. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
12. Sharwood, Simon (July 7, 2021). "Microsoft patches PrintNightmare – even on Windows 7 – but the terror isn't over". The Register. Archived from the original on July 8, 2021. Retrieved July 11, 2021.
13. Smith, Adam (July 9, 2021). "Microsoft fixes huge security bug – and breaks people's printers". The Independent. Archived from the original on July 9, 2021. Retrieved July 11, 2021.
14. Lawler, Richard (July 8, 2021). "The Windows update to fix 'PrintNightmare' made some printers stop working". The Verge. Vox Media. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
15. Goodin, Dan (July 8, 2021). "Microsoft Keeps Failing to Patch the Critical 'PrintNightmare' Bug". Wired. Condé Nast. Archived from the original on July 10, 2021. Retrieved July 11, 2021.
16. Mackie, Kurt (July 9, 2021). "Microsoft Clarifies Its 'PrintNightmare' Patch Advice -- Redmondmag.com". Redmondmag. 1105 Media Inc. Retrieved July 11, 2021.
17. Constantin, Lucian (July 8, 2021). "PrintNightmare Vulnerability Explained: Exploits, Patches, and Workarounds". ARN. IDG Communications. Archived from the original on July 8, 2021. Retrieved July 11, 2021.
18. Warren, Tom (July 2, 2021). "Microsoft warns of Windows 'PrintNightmare' vulnerability that's being actively exploited". The Verge. Vox Media. Archived from the original on July 9, 2021. Retrieved July 11, 2021.