Microsoft releases emergency security fix for PrintNightmare flaw — what to do
Microsoft has today, July 6, released an emergency patch to correct the print-spooler flaw.
This flaw, also known as PrintNightmare, but cataloged as CVE-20231–34527, allows hackers to take control of any Windows system remotely. This flaw is particularly dangerous for enterprise Windows deployments and servers. However, any computer with Windows 7 or the latest Windows 10 version can be attacked.
What you should do
Run Windows Update on Windows 10, 8.1, or 7 to install today’s update. Windows 10 users will receive an update notice that refers to knowledge base article (KB) article K5004940, K5004945, K5004946, K5004946, and KB5004947, depending on the build. Windows 8.1 users will see the knowledge base references KB5004954 or KB5004958. Windows 7 users will get KB5004951 and KB5004953. In addition, this Microsoft security bulletin contains more information.
After downloading the update, you will be asked to restart your computer to install it.
Don’t want the patch? Here’s what to do
If you are genuinely leet and think you don’t have to install the patch, you can fire up PowerShell by typing in “Get-Service -Name Spooler” and see if the print queue is active. It is most likely running if you print documents regularly. Don’t try to learn PowerShell if you don’t understand it.
To disable Print Spooler, you can use PowerShell to type the following in:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
Microsoft warns that disabling the Print Spooler Service will result in the inability to print locally or remotely. Of course, this may not be important if you are a serious gamer and haven’t touched paper in three years.
Everybody else will want to use the patch so they can continue printing. The patch has a downside: it will be more difficult for non-administrative printer drivers to install drivers that the manufacturer has not signed.
This shouldn’t be a problem as most printer software requires that an administrator install it. Microsoft explains how to modify the Registry so that only limited users can install unsigned software on your computer (a bad idea).
Someday we’ll all laugh about this.
After everyone has patched their systems, the PrintNightmare story may be funny. Short version: Microsoft corrected a similar Print Spooler flaw with the June Patch Tuesday updates, June 8, and then increased the flaw’s severity on June 21.
Hong Kong’s security company saw the notice of severity escalation. They assumed that Microsoft had fixed a flaw that it had (presumably) privately disclosed. The security company had intended to reveal the mark publicly at the Black Hat USA security conference next month in Las Vegas.
Microsoft had fixed the problem, so the security company posted a proof of concept exploit on Twitter on June 28. This is a demonstration of how to attack the flaw using it.
Oops. Microsoft fixed a different flaw, and the exploit by the Hong Kong company worked perfectly on fully patched systems.
Although the Hong Kong-based firm deleted the tweet quickly, the secret was out, and Microsoft stated that it soon became aware of the exploit being “in the wild.” More information is available here.