Microsoft has issued another update to correct vulnerabilities in its Print Spooler service known as PrintNightmare. These vulnerabilities can be exploited to achieve privilege escalation and remote code execution. Microsoft had previously released an out-of-band update to correct the vulnerabilities; however, security researchers showed that the patch and its mitigation steps were incomplete and did not fully address the vulnerabilities, which include CVE-2021-1675 and CVE-2021-34527.
Microsoft has now announced that it has made a major change to how Windows interacts with the default Point and Print driver. “Our investigation into several vulnerabilities collectively referred to as ‘PrintNightmare’ has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks,” explained the Microsoft Security Response Center (MSRC) in a statement.
To address the risk, the default Point and Print driver installation and update behavior has been changed and now requires administrative privileges. “The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service,” said Microsoft.
That means it will no longer be possible for non-admin users to add or update printers. Microsoft believes the risk of exploitation of the PrintNightmare vulnerabilities justifies the change and said that if this mitigation is not practical for users, it can be disabled with a registry key.
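The article does not name the registry key that weakens the new default. The audit script below is an added example, not taken from the article or from Microsoft; it reads the Point and Print policy values that Microsoft documents for this hardening (key path and value names are assumed from Microsoft's published guidance, not from this page) and reports whether a host is still in the hardened default state or has been weakened.

```powershell
# Added audit example (not from the original article). Key path and value
# names are taken from Microsoft's Point and Print hardening guidance and are
# assumptions relative to this page, which does not name them.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

# Hardened settings after the August 2021 change. An absent value means the
# post-update default applies, which for each of these is the hardened state:
#   RestrictDriverInstallationToAdministrators = 1 (non-admins cannot add drivers)
#   NoWarningNoElevationOnInstall              = 0 (warn and elevate on install)
#   UpdatePromptSettings                       = 0 (warn and elevate on update)
$expected = [ordered]@{
    RestrictDriverInstallationToAdministrators = 1
    NoWarningNoElevationOnInstall              = 0
    UpdatePromptSettings                       = 0
}

function Get-PointAndPrintSetting {
    param([string]$Name)
    $item = Get-ItemProperty -Path $policyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # not set: Windows applies its default
    return [int]$item.$Name
}

$findings = foreach ($name in $expected.Keys) {
    $actual = Get-PointAndPrintSetting -Name $name
    # Treat a missing value as the default the update enforces.
    if ($null -eq $actual) {
        $effective = $expected[$name]
        $shown     = '(not set, default applies)'
    } else {
        $effective = $actual
        $shown     = $actual
    }
    [pscustomobject]@{
        Setting  = $name
        Value    = $shown
        Hardened = ($effective -eq $expected[$name])
    }
}

$findings | Format-Table -AutoSize

# Any weakened value means a non-admin can again install or update printer
# drivers; surface it so the change can be tied to a deliberate decision.
if ($findings.Hardened -contains $false) {
    Write-Warning 'Point and Print hardening has been weakened on this host; confirm the change was intentional.'
}
```

Run from an elevated PowerShell session so the policy key is readable even when it has restrictive ACLs; a host that prints nothing should also have its Spooler service status reviewed separately.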
The update will be applied as part of Microsoft’s August 2021 Patch Tuesday updates, with the default change tracked as CVE-2021-34481.
The same Patch Tuesday updates also correct a new, publicly known flaw in the Windows Print Spooler service, tracked as CVE-2021-36936 and assigned a CVSS severity score of 8.8. The flaw can be exploited to achieve remote code execution.
In total, the Patch Tuesday updates correct 51 vulnerabilities across Microsoft's product range, including 7 critical flaws and one zero-day under active attack.