PrintNightmare CVE-2021-34527 – Patches

UPDATE: Microsoft also announced CVE-2021-34481 which shows that there are more issues with the print spooler service –> https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481 general recommendation is to disable print spooler.

Tonight, Microsoft finally came out with the patches for the PrintNightmare vulnerability which you can view here –> CVE-2021-34527 – Security Update Guide – Microsoft – Windows Print Spooler Remote Code Execution Vulnerability

NOTE: It should be noted that this update fixes the remote vector – however, it seems the LPE variations still function. These work out of the box on Windows 7, 8, 8.1, 2008 and 2012 but require Point&Print configured for Windows 2016,2019,10 & 11

Here is also a knowledge base article from Microsoft regarding the change –> KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates (microsoft.com)

Prior to installing the July 6, 2021, and newer Windows Updates containing protections for CVE-2021-34527, the printer operators’ security group could install both signed and unsigned printer drivers on a printer server. After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.

Currently not all Windows Server versions have the security update available, but here are the different OS’s and link to the updates. Also available as part of Windows Update

Screenshot Windows Server 2019

NOTE: The patches require a reboot to get installed.

Windows Server 2012 R2 + Windows 8.1 –> KB5004958

Windows 2008 R2 + Windows 7 –> KB5004951

Windows Server 2019 + Windows 10 (1809) –> KB5004947

Windows 10 (1507) –> KB5004950

Windows 10  (1607) –> NOT YET AVAILABLE

Windows Server 2016 –> NOT YET AVAILABLE

Windows 10 (1903) –> KB5004946

Windows 10 (2004, 20H2) –> KB5004945

 

Leave a Reply

Scroll to Top