Remote code execution (“PrintNightmare”) vulnerabilities in Microsoft Windows

Multiple remote code execution vulnerabilities were identified in Microsoft Windows Print Spooler Service named “PrintNightmare”, a remote attacker could exploit these vulnerabilities to trigger remote code execution with SYSTEM privileges on the targeted system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights by exploited the captioned vulnerability.

System administrators are strongly recommended to apply the security updates and take remedial measures whereas possible.

Vulnerabilities

Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527) (PrintNightmare)
Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-1675)
Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34481)

Severity Level

Critical

Affected Product Version

All versions of Windows are vulnerable.

Remediation

For all Windows Desktop OS, or Windows Servers running as Print Server:
1. Install the latest security updates for your system.
  - for CVE-2021-34527
  - for CVE-2021-1675
  - for CVE-2021-34481

[Update] Windows updates released 10 August 2021 and later will, by default, require administrative privilege to install drivers. Please refer to KB5005652—Manage new Point and Print default driver installation behavior (CVE-2021-34481) for details.

For Windows servers that do not need Printer function, please install those security patches and please consider to disable the Print Spooler service.

Reference

Microsoft KB5005010:
https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7
Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-1675)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675
Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34481)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481
KB5005652—Manage new Point and Print default driver installation behavior (CVE-2021-34481)
https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872
HKCERT Security Bulletin
https://www.hkcert.org/security-bulletin/microsoft-windows-remote-code-execution-vulnerability_20210702
RAPID7 Blog
https://www.rapid7.com/blog/post/2021/06/30/cve-2021-1675-printnightmare-patch-does-not-remediate-vulnerability/

Enquiry

ITSC Service Desk: http://servicedesk.itsc.cuhk.edu.hk (Get Help > Desktop Support and Management)

Updated on: 25 Sep 2021

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.