Update NOW – Critical Vulnerability: Microsoft ‘PrintNightmare’ – CVE-2021-34527

Security updates have been released by Microsoft for CVE-2021-34527, aka PrintNightmare.  Please visit the Microsoft Security Response Centre to access the updates.  We recommend applying the update immediately to secure your environment.

Last week on July 1, 2021, Microsoft warned of a critical flaw in the Windows Print Spooler service.  This flaw dubbed PrintNightmare allows attackers to remotely execute code with system-level privileges.

From Microsoft’s Security Response Centre:

“An attacker could then install programs; view, change or delete data; or create new accounts with full user rights.”

While Microsoft is working on a patch, the simplest action to reduce the attack surface is to disable printing. However, this is not practical.

Their recommended alternative is to reduce memberships in key groups such as:

• Administrator
• Domain Controllers
• Read-Only Domain Controllers
• Enterprise Read-Only Domain Controllers
• Certificate Admins
• Schema Admins
• Enterprise Admins
• Group Policy Admins
• Power Users
• System Operators
• Print Operators
• Backup Operators
• RAS Servers
• Pre-Windows 2000 Compatible Access
• Network Configuration Operators Group Object
• Cryptographic Operators Group Object
• Local account and member of Administrators group

For more information on CVE-2021-34527, PrintNightmare vulnerability, please head to the Microsoft Security Response Centre.

While waiting for a patch, at PC Corp and for our Managed IT Services subscribers, we have implemented a workaround that mitigates the attack risk and keeps our print servers running.  Until then, we keep a diligent watch for a security patch from Microsoft.

If your business requires any advice or assistance with this Microsoft vulnerability or if we can help with any other I.T. Support, please don’t hesitate to contact us.