PrintNightmare

From HandWiki
Short description: Security vulnerability in Microsoft Windows
PrintNightmare
CVE identifier(s): CVE-2021-1675, CVE-2021-34527
Date discovered: June 29, 2021
Date patched: July 6, 2021[1]
Discoverer: Sangfor[2][3]
Affected software: Microsoft Windows

PrintNightmare is a critical security vulnerability affecting the Microsoft Windows operating system.[2][4] The vulnerability occurred within the print spooler service.[5][6] There were two variants, one permitting remote code execution (CVE-2021-34527), and the other leading to privilege escalation (CVE-2021-1675).[6][7] A third vulnerability (CVE-2021-34481) was announced July 15, 2021, and upgraded to remote code execution by Microsoft in August.[8][9]

On July 6, 2021, Microsoft started releasing out-of-band (unscheduled) patches attempting to address the vulnerability.[10] Due to its severity, Microsoft released patches for Windows 7, for which support had ended in January 2020.[11][10] The patches resulted in some printers ceasing to function.[12][13] Researchers have noted that the vulnerability has not been fully addressed by the patches.[14] After the patch is applied, only administrator accounts on a Windows print server will be able to install printer drivers.[15] Part of the vulnerability related to the ability of non-administrators to install printer drivers on the system, such as shared printers on systems without sharing password protection.[15]

The organization which discovered the vulnerability, Sangfor, published a proof of concept in a public GitHub repository.[3][16] Apparently published in error, or as a result of a miscommunication between the researchers and Microsoft, the proof of concept was deleted shortly after.[3][17] However, several copies have since appeared online.[3]

References

  1. "July 6, 2021—KB5004945 (OS Builds 19041.1083, 19042.1083, and 19043.1083) Out-of-band". Microsoft Corporation. https://support.microsoft.com/en-us/topic/july-6-2021-kb5004945-os-builds-19041-1083-19042-1083-and-19043-1083-out-of-band-44b34928-0a71-4473-aa22-ecf3b83eed0e. 
  2. Valinsky, Jordan (9 July 2021). "Microsoft issues urgent security warning: Update your PC immediately". https://edition.cnn.com/2021/07/07/tech/microsoft-security-update/index.html. 
  3. Corfield, Gareth (30 June 2021). "Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller" (in en). https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/. 
  4. "Microsoft fixes critical PrintNightmare bug". 7 July 2021. https://www.bbc.com/news/technology-57750138. 
  5. Winder, Davey (2 July 2021). "New Critical Security Warning Issued For All Windows Versions As 'PrintNightmare' Confirmed" (in en). https://www.forbes.com/sites/daveywinder/2021/07/02/new-critical-security-warning-issued-for-all-windows-versions-as-printnightmare-confirmed/?sh=7b55712b7d04. 
  6. "Security Update Guide - Microsoft Security Response Center". Microsoft Corporation. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527. 
  7. "Microsoft Releases Out-of-Band Security Updates for PrintNightmare". Cybersecurity and Infrastructure Security Agency. 6 July 2021. https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare. 
  8. "More PrintNightmare: "We TOLD you not to turn the Print Spooler back on!"" (in en-US). 2021-07-16. https://nakedsecurity.sophos.com/2021/07/16/more-printnightmare-we-told-you-not-to-turn-the-print-spooler-back-on/. 
  9. "Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34481". https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481. 
  10. "Out-of-Band (OOB) Security Update available for CVE-2021-34527 – Microsoft Security Response Center". Microsoft Corporation. https://msrc-blog.microsoft.com/2021/07/06/out-of-band-oob-security-update-available-for-cve-2021-34527/. 
  11. Sharwood, Simon (7 July 2021). "Microsoft patches PrintNightmare – even on Windows 7 – but the terror isn't over" (in en). https://www.theregister.com/2021/07/07/printnightmare_patched/. 
  12. Smith, Adam (9 July 2021). "Microsoft fixes huge security bug – and breaks people's printers" (in en). https://www.independent.co.uk/life-style/gadgets-and-tech/microsoft-printnightmare-windows-printers-update-b1881109.html. 
  13. Lawler, Richard (8 July 2021). "The Windows update to fix 'PrintNightmare' made some printers stop working" (in en). Vox Media. https://www.theverge.com/2021/7/8/22569387/zebra-windows-security-update-printer-spooler-microsoft. 
  14. Goodin, Dan (8 July 2021). "Microsoft Keeps Failing to Patch the Critical 'PrintNightmare' Bug". Wired (Condé Nast). https://www.wired.com/story/microsoft-keeps-failing-patch-windows-printnightmare-bug/. Retrieved 11 July 2021. 
  15. Mackie, Kurt (9 July 2021). "Microsoft Clarifies Its 'PrintNightmare' Patch Advice -- Redmondmag.com". 1105 Media Inc. https://redmondmag.com/articles/2021/07/09/microsoft-clarifies-printnightmare-advice.aspx. 
  16. Constantin, Lucian (8 July 2021). "PrintNightmare vulnerability explained: Exploits, patches, and workarounds". IDG Communications. https://www.arnnet.com.au/article/689631/printnightmare-vulnerability-explained-exploits-patches-workarounds/. 
  17. Warren, Tom (2 July 2021). "Microsoft warns of Windows "PrintNightmare" vulnerability that's being actively exploited" (in en). Vox Media. https://www.theverge.com/2021/7/2/22560435/microsoft-printnightmare-windows-print-spooler-service-vulnerability-exploit-0-day.