09.07.2021 Microsoft Releases Partial Fix for the Windows Print Spooler Flaw

by Elena Lapina

On 6 July 2021, Microsoft released a partial fix to mitigate the risks of remote exploitation for the vulnerability in the Windows Print Spooler service, tracked as CVE-2021-34527, commonly known as PrintNightmare. We recommend applying the updates and mitigations for all affected systems immediately, and ensuring Microsoft’s recent guidance for additional actions, referenced below, is followed.

Details

  • Multiple versions of proof-of-concept (POC) code are now circulating with various exploitations of this flaw. Some of the POCs demonstrated that remote execution is possible on fully-patched systems when Point and Print configuration is enabled, requiring additional actions beyond patching.
  • Microsoft has provided additional mitigation steps to prevent exploitation when the patches have been applied.
  • Microsoft previously reported that threat actors are already taking advantage of this flaw, making it a critical risk for impacted systems.

Recommendations

  • We recommend following the Microsoft update guide and applying the latest update as soon as possible.
  • Restrict installation of new printer drivers after applying these updates.
  • Once patched, ensure that the Point and Print issue is mitigated as per Microsoft recommendations.
  • If you are unable to install these updates, we recommend applying the mitigation measures in the FAQ and Workaround sections of the Microsoft update guide to help protect your system.

References

CVE-2021-34527, Mitigations, Microsoft Update Guide

 

Request Demo

Fill out the form and we will send you details about our demo.