On 6 July 2021, Microsoft released a partial fix to mitigate the risk of remote exploitation of the vulnerability in the Windows Print Spooler service, tracked as CVE-2021-34527 and commonly known as PrintNightmare. We recommend applying the updates and mitigations to all affected systems immediately, and following Microsoft's recent guidance for additional actions, referenced below.
Details
- Multiple versions of proof-of-concept (POC) code are now circulating that exploit this flaw in various ways. Some of the POCs demonstrated that remote execution is possible on fully-patched systems when Point and Print configuration is enabled, requiring additional actions beyond patching.
- Microsoft has provided additional mitigation steps to prevent exploitation when the patches have been applied.
- Microsoft previously reported that threat actors are already taking advantage of this flaw, making it a critical risk for impacted systems.
Recommendations
- We recommend following the Microsoft update guide and applying the latest update as soon as possible.
- Restrict installation of new printer drivers after applying these updates.
- Once patched, ensure that the Point and Print issue is mitigated as per Microsoft recommendations.
- If you are unable to install these updates, we recommend applying the mitigation measures in the FAQ and Workaround sections of the Microsoft update guide to help protect your system.
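
One way to verify the driver-installation and Point and Print recommendations on a patched host is a read-only registry audit. This is an added example, not part of the original advisory: the policy key and value names are taken from Microsoft's public guidance for CVE-2021-34527 rather than from this page, the function name is hypothetical, and treating an undefined `RestrictDriverInstallationToAdministrators` as a finding is an assumption of this example.

```powershell
# Audit the Point and Print policy values associated with CVE-2021-34527.
# Read-only: reports current state and changes nothing.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

# Value name -> acceptable data; $null stands for "not defined".
# Assumption of this example: the restriction value must be set explicitly to 1.
$Expected = [ordered]@{
    NoWarningNoElevationOnInstall              = @($null, 0)
    UpdatePromptSettings                       = @($null, 0)
    RestrictDriverInstallationToAdministrators = @(1)
}

function Test-PointAndPrintPolicy {   # hypothetical helper name
    param([string]$Path = $PolicyKey)

    # A missing key means no value is defined; that is handled below.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in $Expected.Keys) {
        $actual = $null
        if ($props -and $props.PSObject.Properties[$name]) {
            $actual = $props.$name
        }

        $wanted = $Expected[$name] | ForEach-Object {
            if ($null -eq $_) { '<not defined>' } else { $_ }
        }

        [pscustomobject]@{
            Value    = $name
            Actual   = if ($null -eq $actual) { '<not defined>' } else { $actual }
            Expected = $wanted -join ' or '
            Pass     = $Expected[$name] -contains $actual
        }
    }
}

# Policy state, followed by the Print Spooler service state for context.
Test-PointAndPrintPolicy | Format-Table -AutoSize
Get-Service -Name Spooler | Select-Object Name, Status, StartType
```

Any row with `Pass` set to `False` means the host does not match the settings this example checks for and should be reviewed against the Microsoft update guide.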
References