KEY POINTS

  • The latest patch requires users to have administrative privileges before gaining access to print drivers
  • Microsoft discovered that low privileged users can gain access to SYSTEM privileges through the Point and Print feature
  • The update rolls out to all Windows versions

Microsoft has just resolved the PrintNightmare vulnerability as it released the Windows 10 August 2021 Patch Tuesday security update.

On Wednesday, Microsoft released the patch that finally put an end to the PrintNightmare vulnerability issues that Windows 10 users encountered over the past weeks. The update requires the user to have administrative privileges before gaining access to install printer drivers via the Point and Print feature, Windows Central reported.

"Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service," Microsoft said in a blog post.

In June, a security researcher inadvertently revealed PrintNightmare vulnerability, a zero-day Windows print spooler. The bug potentially provides local SYSTEM privileges by allowing remote code execution.

When exploited, the vulnerability could pose a serious security risk to devices as users with low privileges can take advantage of the SYSTEM privileges to open a command prompt. This gives them direct access and control over a device.

After analyzing the matter, Microsoft came up with the conclusion that the PrintNightmare vulnerability points to the Point and Print feature’s security level. The software giant said that the feature’s default behavior does not provide enough security to protect users from potential attacks.

Microsoft pushed an emergency update in July to address the PrintNightmare zero-day vulnerability. However, the patch did not completely resolve the issue as it failed to prevent the local elevation of certain privileges.

Earlier in August, researchers found a way around the July emergency update. Benjamin Delpy, a security researcher, discovered several ways to bypass the patch and exploit the PrintNightmare vulnerability.

Delpy found a print server capable of installing a print driver. The driver can launch a type of Dynamic Link Library that provides users with SYSTEM privileges.

The update is documented as CVE-2021-34481 and has been released for all versions of Windows. Microsoft urges Windows PC users to update their devices as soon as possible.

For users who wish to allow non-elevated users to have access to Point and Print feature, they may do so using a registry key, Digital Trends reported.

The hacked accounts reportedly belong to 'high ranking officials' in the presidential office, the cabinet, the military and members of the ruling and opposition parties
The hacked accounts reportedly belong to 'high ranking officials' in the presidential office, the cabinet, the military and members of the ruling and opposition parties AFP / Fred TANNEAU