What to Do Now When These Windows “PrintNightmare” Fixes Don’t Work [updated]

Microsoft recently released hotfixes for a serious zero-day security vulnerability in the Windows Print Spooler code called “PrintNightmare”, but they did not fix the problem. Security researchers have found that the vulnerability is still present in several versions of Windows even after the patch (via TechRadar), leaving users vulnerable to serious cybersecurity threats.

Using the PrintNightmare bug, hackers can take control of a PC and install malware or ransomware, steal or destroy sensitive data, and more, all without requiring physical access to the computer. You know, real black-hat stuff.

Some security experts doubt that the company ever properly tested the patch before releasing it. Either way, it looks bad for Microsoft and only deepens the PrintNightmare debacle, a nightmare that endangers millions of Windows devices.

What is PrintNightmare?

PrintNightmare affects the Windows Print Spooler on all versions of Windows, including versions installed on personal computers, corporate networks, Windows servers, and domain controllers. Worse, hackers are actively exploiting the Print Spooler flaw because of a botched proof-of-concept (PoC) release.

Security researchers at Sangfor discovered the PrintNightmare exploit and several other zero-day flaws in Windows Print Spooler services. The group created PoC exploits as part of an upcoming presentation on the flaws. The researchers believed the vulnerabilities had already been fixed and published the exploits on GitHub.

In fact, Microsoft fixed some zero-day Print Spooler vulnerabilities in the previous security update, but PrintNightmare was not among them. Although Sangfor's original PrintNightmare PoC is no longer on GitHub, the project was copied before it could be taken down, and there is evidence of a PoC exploit being used.

Microsoft has released emergency security fixes for all affected versions of Windows, including:

  • Windows 10
  • Windows 8.1
  • Windows 7
  • Windows RT 8.1
  • Multiple versions of Windows Server

Unfortunately, as we now know, the patches did not do squat. Fortunately, the Windows Print Spooler service can be temporarily disabled to prevent a PrintNightmare attack.

Disable Windows Print Spooler Service Immediately

Network administrators can disable (and restore) the Windows Print Spooler and remote printing using Group Policy, but regular users will need to disable it with PowerShell commands, which will protect your PC from any PrintNightmare threats:

  1. Use the taskbar or Windows Start menu to search for “PowerShell”.
  2. Right-click PowerShell and select “Run as administrator”.
  3. At the PowerShell prompt, run the following command to disable the Windows Print Spooler: Stop-Service -Name Spooler -Force
  4. Then run this command to prevent Windows from re-enabling the Print Spooler at startup: Set-Service -Name Spooler -StartupType Disabled
  5. Keep the Windows Print Spooler services disabled until a Microsoft patch is available and installed on your computer. Once a safe fix is in place, you can re-enable the Print Spooler services in PowerShell with the Set-Service -Name Spooler -StartupType Automatic and Start-Service -Name Spooler commands.
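
The steps above, wrapped in a script that also verifies the result. This is an added example, not part of the original article, and the function names are hypothetical. It reports the workaround as applied only when the service is both stopped and set to Disabled, because stopping alone lasts only until the next reboot.

```powershell
#Requires -RunAsAdministrator
# Added example: apply, verify, or roll back the Print Spooler workaround.
# Function names below are hypothetical, chosen for this example only.

function Get-SpoolerState {
    # Status    = whether the service is running right now.
    # StartType = what Windows will do with it at the next boot.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Status    = $svc.Status
        StartType = $svc.StartType
        # Both conditions must hold for the workaround to survive a reboot.
        Mitigated = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    }
}

function Disable-Spooler {
    # Same two commands as steps 3 and 4, in the same order.
    Stop-Service -Name Spooler -Force -ErrorAction Stop
    Set-Service  -Name Spooler -StartupType Disabled -ErrorAction Stop

    # Re-read the service instead of trusting that the commands worked.
    $state = Get-SpoolerState
    if (-not $state.Mitigated) {
        throw "Spooler is still $($state.Status)/$($state.StartType) after the change."
    }
    $state
}

function Enable-Spooler {
    # Roll back (step 5): only once a fix is confirmed and installed.
    Set-Service   -Name Spooler -StartupType Automatic -ErrorAction Stop
    Start-Service -Name Spooler -ErrorAction Stop
    Get-SpoolerState
}

# Audit only: prints the current state without changing anything.
Get-SpoolerState

# Uncomment one of these to apply or undo the workaround:
# Disable-Spooler
# Enable-Spooler
```

Running the audit function again after a reboot or a Windows update confirms that the service has not been switched back on.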

Note that this is not a long-term preventative measure, as the vulnerability is still present even when the spooler services are disabled. However, this is the only option so far. We recommend keeping Print Spooler disabled even if Microsoft releases future security updates, just in case. You can re-enable the Print Spooler as soon as it is confirmed that the vulnerability is fully fixed.

We will update this post again if and when another patch is released. For most Windows 10 users, further security updates will appear automatically, but you can also manually check for new patches in Settings > Update & Security > Windows Update > Check for Updates. Users of older versions of Windows, such as Windows 7, need to download and install the patch manually from the Microsoft Security Update Guide.

This article was originally published on July 2, 2021, and was updated on July 7, 2021 with instructions on how to install emergency Windows security fixes, and on July 8, 2021, with reports that the fixes weren’t working.

[ The Verge ]
