PrintNightmare: In statement Microsoft denies patch bypass is a real threat




Two days ago Microsoft released an out-of-band patch for the PrintNightmare zero-day (CVE-2021-34527), a Windows Print Spooler flaw that gives attackers remote code execution on fully patched systems, and a day later several security researchers showed that the patch could be bypassed.

Microsoft has now issued a statement to BleepingComputer denying that the bypass presented a realistic threat, saying:

“We’re aware of claims and are investigating, but at this time we are not aware of any bypasses,” continuing “We have seen claims of bypass where an administrator has changed default registry settings to an unsecure configuration. See CVE-2021-34527 guidance for more information on settings required to secure your system.”

Microsoft presumably means administrators who have configured Point and Print to install drivers without a warning or elevation prompt; the company insists that the default configuration is secure, and that the bypasses only work once those defaults have been loosened.

Microsoft says that after applying the patch you should make sure the following registry values, if they exist, are set to zero (or are not defined at all, which is the default):

  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
  • NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
  • UpdatePromptSettings = 0 (DWORD) or not defined (default setting)
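The following PowerShell script is an added example, not code from the article or from Microsoft’s advisory. It audits the two Point and Print values listed above on the local machine, treats a missing key or value as the secure default, and, when run with a `-Fix` switch (this script’s own convention, as are the function names), resets any non-zero value to a DWORD of 0 as Microsoft recommends. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the article or Microsoft's advisory): audit the two
# Point and Print registry values Microsoft lists and, with -Fix, reset them to 0.
# Run from an elevated PowerShell prompt. The -Fix switch and the function
# names are this script's own conventions, not anything Microsoft ships.
[CmdletBinding()]
param([switch]$Fix)

$KeyPath    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$ValueNames = @('NoWarningNoElevationOnInstall', 'UpdatePromptSettings')

function Test-PointAndPrintValue {
    param([string]$Path, [string]$Name)

    # A missing key or value means the default applies, which Microsoft calls secure.
    if (-not (Test-Path -Path $Path)) {
        return [pscustomobject]@{ Name = $Name; Value = $null; Secure = $true; Note = 'key absent (default)' }
    }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Name = $Name; Value = $null; Secure = $true; Note = 'value not defined (default)' }
    }

    # Anything other than 0 is the "unsecure configuration" Microsoft's statement refers to.
    $v = [int]$item.$Name
    if ($v -eq 0) {
        $note = 'set to 0'
    } else {
        $note = 'non-zero: unsecure configuration the patch does not protect'
    }
    [pscustomobject]@{ Name = $Name; Value = $v; Secure = ($v -eq 0); Note = $note }
}

function Set-PointAndPrintValueSecure {
    param([string]$Path, [string]$Name)
    # Write an explicit DWORD 0, matching the type given in Microsoft's guidance.
    Set-ItemProperty -Path $Path -Name $Name -Value 0 -Type DWord
}

$results = foreach ($name in $ValueNames) { Test-PointAndPrintValue -Path $KeyPath -Name $name }
$results | Format-Table -AutoSize

$insecure = @($results | Where-Object { -not $_.Secure })
if ($insecure.Count -gt 0) {
    if ($Fix) {
        foreach ($r in $insecure) {
            Set-PointAndPrintValueSecure -Path $KeyPath -Name $r.Name
            Write-Host "Reset $($r.Name) to 0"
        }
    } else {
        # Non-zero exit code so a fleet-wide run can flag this host as a finding.
        Write-Warning 'Unsecure Point and Print values present; re-run with -Fix to set them to 0'
        exit 1
    }
} else {
    Write-Host 'Point and Print values match the secure defaults'
}
```

One caveat a practitioner will hit: values under `HKLM\SOFTWARE\Policies` are normally delivered by Group Policy, so a local reset is overwritten at the next policy refresh. If the audit reports a non-zero value on a domain-joined machine, change the policy that sets it rather than relying on `-Fix`, and run only the audit half across the fleet to find every host still in the loosened configuration.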

What is clear is that you need more than the patch to be truly safe: the registry configuration has to match the defaults as well. Read Microsoft’s full configuration guidance in its CVE-2021-34527 advisory.
