Security 101 - Microsoft's PrintNightmare Vulnerability Explained

PrintNightmare is a class of security bugs targeting the Windows Print Spooler service, specifically affecting the program that lets users queue and print files while other tasks are running in the background. The vulnerability made it possible for attackers to write and inject code to gain system privileges and take over the system. Microsoft addressed this print spooling problem when it released patches in July and August 2021. However, a security researcher discovered another zero-day bug after the update, with the latest patch causing an unexpected issue with printers.

Understanding PrintNightmare and how it affects your system can help you make informed decisions on protecting your organization.

What is the Windows Print Spooler?

The Windows Print Spooler software manages print jobs sent to the print server or computer printer and enables users to manage or delete print jobs in the queue. Windows provides two ways for programs to print files: (1) by directly sending data to the output device (i.e. by opening a port), or (2) by using the Windows Print Spooler.

Print Spooler works by sending the print job from the computer to a peripheral device, such as a printer. Then, it creates an entry in the queue. It also de-spools one print job at a time for every printer whenever an assigned printer is available until the queue clears.

Many applications depend on the spooler as it lets users continue working on their computers without waiting for print jobs to finish. Users can queue more files for printing while the computer does other tasks.

Why is PrintNightmare so dangerous?

The critical security flaw affects print spooling and references two vulnerabilities: CVE-2021-1675 and CVE-2021-34527. One of these is a local privilege escalation flaw, and the other is a remote code execution (RCE).
RCE is a potent attack vector that lets someone execute code on a remote machine via a local area network (LAN), over the internet, or a wide area network (WAN). Through an RCE vulnerability, the attacker can also take over another machine sharing a network with the printers. Elevation of privilege (EoP) is another vulnerability, one that lets users upgrade their privileges to have more authority over a system. This way, they can access unauthorized information or compromise a system.
Microsoft has taken steps to fix the issue, but fixing it meant changing the Point and Print rules. This resulted in some disastrous side effects for many Windows print environments. The new Point and Print rule is that only administrators can install print drivers from print servers. Moreover, users that are not on Windows are no longer able to connect to Windows shared printers.

How can you protect your print environment?

Suspending print spooling is a temporary fix, but it is not sustainable. The best solution is to keep your Windows patches up to date and start using reliable print management software to increase security around Windows Print Spooler.

Plus Technologies offers a print spooler software solution that can help your organization overcome vulnerabilities and other issues with print spooling. It accepts jobs without changing your application software and delivers the jobs to printing devices while keeping them in the system, allowing for reprinting or restarting as necessary. Request a demo to learn more.
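
A read-only check of the two mitigations discussed above (the spooler's state and the administrators-only Point and Print rule), added here as an example and not taken from the original article or from Plus Technologies. The registry path and value names come from Microsoft's Point and Print guidance rather than from this page; the function names and the sample policy are constructed for illustration.

```powershell
# Added example: audit a Windows host for the Point and Print rule and spooler state.
# Registry path and value names are assumptions taken from Microsoft's guidance.
$PolicyPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$PolicyNames = 'RestrictDriverInstallationToAdministrators',
               'NoWarningNoElevationOnInstall',
               'UpdatePromptSettings'

function Test-PointAndPrintPolicy {
    # $Policy maps value name -> DWORD; a missing name means "not configured".
    param([hashtable]$Policy)
    $findings = @()
    # Not configured or 1: only administrators install drivers (default once patched).
    if ($Policy.ContainsKey('RestrictDriverInstallationToAdministrators') -and
        $Policy['RestrictDriverInstallationToAdministrators'] -eq 0) {
        $findings += 'Administrators-only driver install rule has been overridden (value 0).'
    }
    # Any non-zero value weakens or removes the warning/elevation prompt.
    foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
        if ($Policy.ContainsKey($name) -and $Policy[$name] -ne 0) {
            $findings += "$name = $($Policy[$name]): driver install prompts are weakened."
        }
    }
    $findings
}

function Get-LivePointAndPrintPolicy {
    # Reads the configured values from this host; returns an empty table if none are set.
    $policy = @{}
    $key = Get-ItemProperty -Path $PolicyPath -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $PolicyNames) {
            if ($null -ne $key.$name) { $policy[$name] = $key.$name }
        }
    }
    $policy
}

# Constructed sample: a host where the new rule was relaxed to keep old printers working.
$sample = @{ RestrictDriverInstallationToAdministrators = 0; NoWarningNoElevationOnInstall = 1 }
Test-PointAndPrintPolicy -Policy $sample | ForEach-Object { "[sample] $_" }

# Live host: report whether the spooler is running, then evaluate the real policy.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($spooler) { "[host] Spooler status=$($spooler.Status) startup=$($spooler.StartType)" }
$live = @(Test-PointAndPrintPolicy -Policy (Get-LivePointAndPrintPolicy))
if ($live.Count -eq 0) { '[host] No Point and Print overrides found.' }
$live | ForEach-Object { "[host] $_" }
```

An empty result for the host only means no policy override is configured; whether the administrators-only default applies still depends on the July and August 2021 patches being installed.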