Microsoft Warns Of Critical 0-Day PrintNightmare Vulnerability, But There's A Workaround
Over the last couple of days, a vulnerability tracked as CVE-2021-34527 has made the rounds, making IT people quite nervous. The vulnerability, also dubbed PrintNightmare, is a flaw within the Windows Print Spooler that allows remote code execution on a system. Now, Microsoft has provided mitigation guidance to block these attacks on vulnerable devices around the world.
The CVE (Common Vulnerabilities and Exposures) entry, published yesterday by Microsoft, outlines the vulnerability that recently cropped up affecting the Windows Print Spooler. The executive summary explains that remote code execution can occur when the Windows Print Spooler service “improperly performs privileged file operations.” Upon successful exploitation, the attacker could run whatever code they want with SYSTEM privileges, the highest tier.
At present, Microsoft is still investigating the situation and has not provided a fix. In the meantime, the company has provided workarounds to prevent the flaw from being exploited. These include disabling the Print Spooler altogether or disabling inbound remote printing through a Group Policy update. With the former workaround, users will not be able to print locally or remotely. The latter change will make it so a system will “no longer function as a print server, but local printing to a directly attached device will still be possible.”
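The two workarounds above can be checked per host with a short script. This is an added example, not code from the article or from Microsoft; the function names are hypothetical, and the registry location of the Group Policy setting and the PowerShell 5.0+ requirement (for `StartType`) are assumptions from general Windows knowledge, not from the page.

```powershell
# Added example (not from the article or Microsoft's advisory).
# Run in an elevated Windows PowerShell 5.0+ session on the host being checked.

function Get-SpoolerWorkaroundStatus {
    # Reports which of the two workarounds, if any, is in effect on this host.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # Assumption from general Windows knowledge: the Group Policy setting
    # "Allow Print Spooler to accept client connections" is stored in this value.
    # 2 = disabled (inbound remote printing blocked), 1 = enabled, absent = not configured.
    $path   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $name   = 'RegisterSpoolerRemoteRpcEndPoint'
    $policy = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

    # A stopped service that is still Manual/Automatic can be started again,
    # so only "not running AND disabled" counts as the first workaround.
    $serviceOff = ($null -eq $svc) -or
                  ($svc.Status -ne 'Running' -and $svc.StartType -eq 'Disabled')
    $remoteOff  = ($policy -eq 2)

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        SpoolerStatus         = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        SpoolerStartType      = if ($svc) { "$($svc.StartType)" } else { 'n/a' }
        InboundRemotePrinting = if ($policy -eq 2) { 'Disabled by policy' }
                                elseif ($policy -eq 1) { 'Enabled by policy' }
                                else { 'Not configured' }
        WorkaroundInPlace     = $serviceOff -or $remoteOff
    }
}

function Disable-PrintSpooler {
    # First workaround: stop the service and keep it from starting again.
    # Local and remote printing both stop working. Supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}

Get-SpoolerWorkaroundStatus | Format-List
```

A host that reports the policy as disabled but whose Spooler service has not been restarted since the policy was applied may still accept remote connections, so restart the service after the Group Policy change.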
Hopefully, Microsoft’s investigation into the vulnerability will not take long, nor will an official patch. In the meantime, the Cybersecurity and Infrastructure Security Agency (CISA) recommends following Microsoft’s workarounds. Furthermore, stay tuned to HotHardware for updates on this developing situation.