Microsoft has confirmed that a new vulnerability known as 'PrintNightmare' is affecting the Windows Print Spooler.
This critical vulnerability has the potential for remote code execution (RCE). Microsoft is now investigating PrintNightmare, which has been assigned the identifier CVE-2021-34527.
Here's everything you need to know about the PrintNightmare vulnerability, and what you can do about it.
What is the PrintNightmare vulnerability?
PrintNightmare is an RCE vulnerability in the Windows Print Spooler that, if exploited, could give the attacker SYSTEM privileges via the RpcAddPrinterDriverEx() function.
According to Microsoft's FAQs, the June 2021 security update did not introduce PrintNightmare/CVE-2021-34527; the vulnerability already existed in other versions of Windows before that update.
The exploit that triggers this RCE has been circulated online, first appearing on GitHub in late March before being removed.
How to fix PrintNightmare vulnerability
Microsoft has now released the Windows 10 KB5004945 emergency update to resolve the PrintNightmare vulnerability. It should download automatically for Windows 10 users.
If the update has not downloaded on your PC, you can go to Windows Settings, select Update & Security and then Windows Update. Here, choose Check for Updates, and any new patches - including KB5004945 - should show up, unless already downloaded.
However, some users are reporting issues with the KB5004945 update - specifically when attempting to print. Microsoft has listed the known issues surrounding the emergency update here - and there are quite a few - along with how to resolve them.
Previously, Microsoft released two workarounds for the PrintNightmare vulnerability.
First, Microsoft recommended disabling the Print Spooler service, which will prevent the Print Spooler from being able to print on local or remote devices. You can do this by entering these commands in Windows PowerShell:
- Stop-Service -Name Spooler -Force
- Set-Service -Name Spooler -StartupType Disabled
The second workaround will disable remote printing on your system via Group Policy, meaning you can only use local printing (via a direct connection).
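To confirm which of these measures is actually in place on a machine, the following read-only check reports the update, the Spooler service state and the remote-printing policy. It is an added example, not taken from Microsoft or the original article. The function name is hypothetical, and the policy registry value (RegisterSpoolerRemoteRpcEndPoint, where 2 means inbound remote printing is disabled) is not named in the article and is assumed here to be the setting behind the Group Policy workaround.

```powershell
# Added example: audit the three PrintNightmare measures described above.
# Read-only; run in an elevated Windows PowerShell session.
function Get-PrintNightmareMitigationStatus {
    [CmdletBinding()]
    param(
        # KB named in the article (Windows 10). Other Windows builds may ship
        # the fix under a different KB number, so pass that one instead.
        [string]$HotFixId = 'KB5004945'
    )

    # 1. Emergency update: Get-HotFix errors if the KB is absent, so silence it.
    $hotfix = Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue

    # 2. Workaround 1: Print Spooler service stopped and set to Disabled.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $spoolerOff = ($null -eq $svc) -or
                  ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')

    # 3. Workaround 2: Group Policy that blocks inbound remote printing.
    #    Assumption: the policy is stored in this value (2 = disabled).
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $policy = Get-ItemProperty -Path $policyPath `
                  -Name RegisterSpoolerRemoteRpcEndPoint `
                  -ErrorAction SilentlyContinue
    $remoteOff = ($null -ne $policy) -and
                 ($policy.RegisterSpoolerRemoteRpcEndPoint -eq 2)

    [pscustomobject]@{
        ComputerName            = $env:COMPUTERNAME
        HotFixId                = $HotFixId
        HotFixInstalled         = [bool]$hotfix
        SpoolerStatus           = if ($svc) { $svc.Status } else { 'NotPresent' }
        SpoolerStartType        = if ($svc) { $svc.StartType } else { 'NotPresent' }
        SpoolerDisabled         = $spoolerOff
        RemotePrintingDisabled  = $remoteOff
        # True only when neither the update nor either workaround is in place.
        NoMeasureInPlace        = -not ([bool]$hotfix -or $spoolerOff -or $remoteOff)
    }
}

Get-PrintNightmareMitigationStatus | Format-List
```

A machine that reports NoMeasureInPlace as True has neither the update nor either workaround applied and should be prioritised for patching.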