Update 9/15/2021
Microsoft released security updates yesterday to address the remaining PrintNightmare vulnerabilities.
Update 9/1/2021
This post is an update for this previous post regarding the Microsoft Print Spooler vulnerabilities known as “PrintNightmare.”
As stated in the August 16 post, Microsoft updated CVE-2021-34527, Windows Print Spooler Remote Code Execution Vulnerability to indicate that patches are now available.
Apply all patches immediately.
Please note that there are still reports of related Print Spooler vulnerabilities and the safest mitigation remains disabling Print Spooler.
- With the various mitigations listed in the August 16 update and in Microsoft updates, and depending on the specific environment, it may be possible to enable the Print Spooler ahead of all of the relevant patches being released.
- Each University department and/or unit should do their own analysis on how printers and computers are configured for printing, which mitigations should be applied, and whether that makes the risk acceptable to them.
- The reason it depends is that there are multiple vulnerabilities, some with patches, some with configuration required in addition to the patches–but there is also a known local privilege escalation (LPE) which isn’t patched.
- Please note that the configurations required also may break or change things, such as requiring the local administrator to install print drivers, which may, for instance, make certain label printers useless or break printing to a printer shared from a workstation, etc.
- The LPE can be mitigated in a couple of ways, but there are still risks. Someone with enough knowledge of the details, expected scenarios, impacts, etc. should make that decision. Contact ciso@uw.edu if you require assistance in assessing risks and impact.
Also see: PrintNightmare: What to do at home