Nightmare Continues: PrintNightmare Vulnerability Patch Problems
Posted by: GuidePoint Security
Published: July 13, 2021, 2:11pm
The zero-day exploit impacting Microsoft’s Print Spooler continues to cause concern, as the emergency patch issued last week failed to fully fix this critical bug. The bug (CVE-2021-34527), dubbed PrintNightmare, could allow attackers to take control of an affected system.
Shortly after the initial patch was issued, researchers discovered that they could bypass the emergency patch and achieve remote code execution (RCE) and local privilege escalation. As a result, users were still being advised to disable the Print Spooler service.
You can read additional details on the vulnerability in our blog post from last week.
Next Steps
This vulnerability is considered extremely serious. Details on the Microsoft site advise first determining whether the Print Spooler service is running, and then either disabling the Print Spooler service or disabling inbound remote printing through Group Policy. At the time of this writing, it was unclear whether a patch for PrintNightmare would be issued in the July 13 Patch Tuesday.
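The check-then-mitigate sequence described above can be scripted per host. The following PowerShell is an added example, not code from GuidePoint Security or from the Microsoft guidance; the `-Mode` parameter and the `Get-SpoolerExposure` function are names chosen for this example, and the registry value shown is the one that backs the "Allow Print Spooler to accept client connections" policy setting.

```powershell
# Added example. Run from an elevated session.
# -Mode and Get-SpoolerExposure are names chosen for this example.
param(
    [ValidateSet('Audit', 'DisableService', 'BlockRemote')]
    [string]$Mode = 'Audit'
)

# Registry value behind the policy "Allow Print Spooler to accept client connections":
# 1 = accept client connections, 2 = refuse them.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$policyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        return [pscustomobject]@{ Host = $env:COMPUTERNAME; Installed = $false }
    }
    $value = (Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue).$policyName
    $remote = 'Policy not configured'
    if ($value -eq 1) { $remote = 'Allowed by policy' }
    if ($value -eq 2) { $remote = 'Blocked by policy' }
    [pscustomobject]@{
        Host           = $env:COMPUTERNAME
        Installed      = $true
        State          = $svc.State       # Running / Stopped
        StartMode      = $svc.StartMode   # Auto / Manual / Disabled
        RemotePrinting = $remote
    }
}

Get-SpoolerExposure | Format-List

switch ($Mode) {
    'DisableService' {
        # Stops all printing, local and remote, on this host.
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
    'BlockRemote' {
        # Writes the local policy value; in a domain, set it through a GPO instead.
        # Create the key only if missing so existing printer policy values are kept.
        if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
        Set-ItemProperty -Path $policyKey -Name $policyName -Value 2 -Type DWord
        Restart-Service -Name Spooler -Force   # policy takes effect after a spooler restart
    }
}
if ($Mode -ne 'Audit') { Get-SpoolerExposure | Format-List }
```

Run with no arguments to audit only. `DisableService` removes the ability to print from the host entirely, while `BlockRemote` keeps local printing but stops the host from acting as a print server.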
GuidePoint Security encourages businesses to work with vulnerability management as a service (VMaaS) to help manage the plethora of vulnerabilities and zero-days. In addition, professional penetration testing can help organizations better understand and identify vulnerabilities in an enterprise system.