The latest serious Windows security bug is called ‘PrintNightmare’. We’ll explain what it is, how serious the bug could be and what you should do about it, balancing the ‘known unknowns’.
UPDATE: Almost as predictable as the sun rising … the PrintNightmare patch caused problems for some Windows users. The July 2021 monthly security update includes an improved update which doesn’t block some USB printers. However, two other bugs remain in the PrintNightmare bug fix. Details below.
What is PrintNightmare?
PrintNightmare is a new (yet another) security lapse in Windows known officially as CVE-2021-34527. It was disclosed publicly (possibly accidentally) in late May by security researchers. Once a bug is public, criminals and hackers can take advantage of it. That’s why there’s now a rush to patch the bug before it’s exploited.
The problem is with the Windows Print Spooler which takes print jobs from programs (like Word) and forwards them to the printer. All versions of Windows have the Print Spooler.
On individual Windows machines the Print Spooler allows printer sharing with other computers on the local network. This isn’t used as much these days because many printers are network connected and don’t need a computer to share it.
Originally, it appeared that PrintNightmare only affected Windows Server systems (for shared printers on a network) but now it seems all Windows releases could be affected.
The Print Spooler bug lets hackers run other programs on the computer and those programs can allow access to anything else on the network. These “Remote Code Execution Vulnerability” bugs are far too common in Windows.
PrintNightmare is a serious problem because the technical details are out there on the web. The race is on to protect computers before hackers take advantage of unpatched machines.
What to do
Microsoft’s original recommendation was to disable the Print Spooler service or block the spooler from accepting client connections (via a Group Policy). Neither suggestion is very practical because it stops shared printing across an organization’s network.
Then there were emergency ‘out of cycle’ patches available for all Windows releases back to Windows 7.
Yes, even Windows 7 gets a security patch even though it’s officially now out of support. When Microsoft updates older software, you know the problem is serious.
The July 2021 security rollup package includes a better PrintNightmare fix. If your computer updates automatically then you should have the PrintNightmare patch by the time you read this. To make sure, run Windows Update.
Registry Key bypass
Microsoft belatedly found that a registry setting could make the printer access LESS secure and bypass their PrintNightmare patch.
Thankfully, the registry setting is fairly rare. Most computers will NOT have this setting and the default is OK (i.e. secure).
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
- NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
- UpdatePromptSettings = 0 (DWORD) or not defined (default setting)
This registry key isn’t normally present, and that’s the good, more secure setting. If you check the Windows Registry and can’t see those two registry values, then you’re good to go.
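To check the two values without browsing the registry by hand, here is an added PowerShell example (not from Microsoft or the original article). The function name Test-PointAndPrintPolicy is made up for illustration; the key path and value names are the ones listed above.

```powershell
# Added example: audit the Point and Print policy values listed above.
# Secure state for each value: not defined (the default) or set to 0.

function Test-PointAndPrintPolicy {
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint',
        [string[]]$ValueNames = @('NoWarningNoElevationOnInstall', 'UpdatePromptSettings')
    )

    # The key is normally absent; Get-Item then returns nothing.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue

    foreach ($name in $ValueNames) {
        # GetValue returns $null when the value does not exist under the key.
        $value = $null
        if ($key) { $value = $key.GetValue($name, $null) }

        if ($null -eq $value) {
            $state = 'not defined (default)'
        }
        elseif ($value -eq 0) {
            $state = 'defined as 0'
        }
        else {
            $state = "defined as $value"
        }

        [pscustomobject]@{
            Name   = $name
            State  = $state
            Secure = ($null -eq $value -or $value -eq 0)
        }
    }
}

$results = Test-PointAndPrintPolicy
$results | Format-Table -AutoSize

# One-line verdict covering both values.
if ($results.Secure -contains $false) {
    Write-Warning 'A Point and Print value is set to something other than 0. Review this policy.'
}
else {
    Write-Output 'Both Point and Print values are at the secure setting.'
}
```

The script only reads the registry and changes nothing on the machine.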
Windows Server patches – now!
All Windows Server systems with Print Spooler running (the majority) should be patched right away. Get the July 2021 security rollup package which includes an improved PrintNightmare patch.
Windows 10, 8/8.1 and 7 – get it now
Originally we were skeptical about the rushed PrintNightmare patch from Microsoft and it turned out we were right.
The first ‘out of band’ patch caused trouble for some users. Some USB printers would not work with the security fix. Less mentioned were the bugs that appeared in the Edge browser or Japanese character typing.
We now recommend INSTALLING the regular Windows monthly patches for July 2021 which include the PrintNightmare fix. The rollup package has an improved update with the USB printer problem fixed (the other two remain, see below).
Why the change? Microsoft had more time to fix the patch and (hopefully) remove the bugs. The risk of infection from PrintNightmare has increased as criminals rush to take advantage of the security lapse before it’s fixed.
Told you so …
Hate to say ‘told you so …’ but sure enough, the original rushed PrintNightmare patch was buggy. It was almost inevitable that a rushed ‘out of band’ patch would have problems.
Deep down on Microsoft’s patch page is the news of THREE ‘issues’ with the patch. Two are quite unrelated to printing and you’d be forgiven for not realising that a printing fix causes trouble with the Edge browser or Japanese character typing!
Printers break after patching
“After installing this update, you might have issues printing to certain printers. Various brands and models are affected, primarily receipt or label printers that connect via USB.”
This problem is so serious that Microsoft was remotely rolling back the security patch using their relatively new Known Issue Rollback (KIR) system.
The July 2021 monthly rollup of security patches includes a better PrintNightmare fix without the USB printer bug.
The other bugs caused by the PrintNightmare patch are still present in the July 2021 update. See under ‘Known Issues’ on Microsoft’s patch page for details on the status of any fixes or workarounds.
“Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.”
“When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually. Note: The affected apps are using the ImmGetCompositionString() function.”