PrintNightmare is a vulnerability that allows privilege escalation by letting regular users install fake printer drivers which grant hackers admin privileges.

After a number of patched is various efficacy Microsoft has chosen to fix the issue with this month’s Patch Tuesday by requiring users to have admin privileges before they can install printer drivers.

Microsoft notes:

Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks.

Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service. This change will take effect with the installation of the security updates released on August?10, 2021 for all versions of Windows, and is documented as CVE-2021-34481.

This means regular users will not be able to install printer drivers without the assistance of an admin, but given how rarely this is needed this is unlikely to be a major issue. If it is a major inconvenience however this behaviour can be bypassed via the registry, but this is of course not recommended.

Admins can read more about the issue at CVE-2021-34481.

via onMSFT

Comments