Microsoft recently released emergency patches to fix a major zero-day security flaw in Windows’ Print Spooler code dubbed “PrintNightmare,” but they didn’t fix the problem. Security researchers discovered the vulnerability is still present on several versions of Windows even after the patch (via TechRadar), leaving users vulnerable to serious cybersecurity threats.
By exploiting the PrintNightmare bug, hackers could gain control of a PC and install malware, ransomware, steal or destroy important data, and more, without requiring physical access to the computer. Y’know, real black hat stuff.
Some security experts doubt the company properly tested the patch at all before pushing it live. Either way, it’s a bad look for Microsoft and only makes the PrintNightmare debacle into more of a nightmare—one that puts millions of Windows devices at risk.
PrintNightmare affects the Windows Print Spooler in all versions of Windows, including the versions installed on personal computers, enterprise networks, Windows Servers, and domain controllers. Worse, hackers are actively exploiting PrintSpooler due to a fumbled proof-of-concept (PoC) attack.
Security researchers at Sangfor discovered the PrintNightmare exploit along with several other zero-day flaws in the Windows Print Spooler services. The group created PoC exploits as part of an upcoming presentation on the flaws. The researchers believed the vulnerabilities were already patched and published them on Github.
Microsoft had, in fact, patched some of the zero-day Print Spooler vulnerabilities in a previous security update, but PrintNightmare was unpatched. While Sangfor’s original PringNightmare PoC is no longer on Github, the project was replicated before it could be taken down, and there’s evidence the PoC exploit has been used.
Microsoft released emergency security patches for all affected versions of Windows, including:
Windows 10
Windows 8.1
Windows 7
Windows RT 8.1
Numerous versions of Windows Server
Unfortunately, as we now know, the patches didn’t do squat. Luckily, the Windows Print Spooler service can be temporarily disabled to prevent a PrintNightmare attack.
Network administrators can disable (and restore) Windows Print Spooler and remote printing with a group policy, but general users will need to turn it off using Powershell commands, which will safeguard your PC against any PrintNightmare threats:
Use the taskbar or Windows start menu to search for “Powershell.”
Right-click Powershell and select “Run as administrator.”
In the Powershell prompt, run the following command to disable Windows Print Spooler: Stop-Service -Name Spooler -Force
Then run this command to prevent Windows from re-enabling Print Spooler services at startup: Set-Service -Name Spooler -StartupType Disabled
Keep your Windows Print Spooler services disabled until Microsoft’s patch is available and installed on your PC sometime in the near future. Once it’s safely patched, you can re-enable Print Spooler services in Powershell using the Set-Service -Name Spooler -StartupType Automatic and Start-Service -Name Spooler commands.
Note that this is not a long-term preventative measure since the vulnerability is still present even with the Print Spooler services disabled. However, it’s the only option for now. We recommend keeping Print Spooler disabled even if Microsoft releases subsequent security updates, just to be safe. You can re-enable Print Spooler once it’s confirmed the vulnerability is fully patched.
We’ll update this post once again if and when another patch is released. For most Windows 10 users, further security updates will show up automatically, but you can also manually check for new patches in Settings > Update & Security > Windows Update > Check for Updates. Users on older versions of Windows, such as Windows 7, need to download and install the patch manually from Microsoft’s security update guide.
This article was originally published on July 2, 2021 and was updated on July 7, 2021 with instructions on installing the emergency Windows security patches, and again on July 8, 2021 with reports that the patches do not work.
[The Verge]
Amazon is changing its packaging to use less material, but it’s also adding quirky QR codes to its new boxes that let you scan and play with 3D models
Well, here we are. And yes, that’s Apple’s Craig Federighi peering lovingly at Apple’s big move to its own silicon—the M1 chip, the first system-on-a-
As you’re hunkered down for the second winter in a row, you may be running out of things to keep yourself occupied. You’ve watched all the shows, done
Apple TV users should update the HBOMax app right now to fix some—but not all—of the bugs introduced in last week’s version update.HBOMax version 5.30
Every year, Apple adds new features to the iPhone and iPad operating systems to make notifications a bit more manageable. iOS 15 is no different. This
With every new data breach or controversy that comes out of the Facebook corporation, you may consider anew simply deleting your account and all your
The Microsoft Store has struggled in the past to garner approval from its users. It has had a reputation for being dysfunctional—or missing critical a
We all know you don’t buy a Mac for gaming. Sure, it’s possible, but you don’t buy Apple exclusively to play games unless you only play Apple Arcade.
We are a comprehensive and trusted information platform dedicated to delivering high-quality content across a wide range of topics, including society, technology, business, health, culture, and entertainment.
From breaking news to in-depth reports, we adhere to the principles of accuracy and diverse perspectives, helping readers find clarity and reliability in today’s fast-paced information landscape.
Our goal is to be a dependable source of knowledge for every reader—making information not only accessible but truly trustworthy. Looking ahead, we will continue to enhance our content and services, connecting the world and delivering value.
