2021 is turning out to be a disastrous year for Windows security. This is not only because of the large number of bugs and problems appearing in this OS, but also because of the problems that arrive, month after month, with the fixes for them. In April of this year, Microsoft had to fix some critical flaws in the print queue drivers that could be used to attack users. Those fixes had lasting repercussions, as there were many problems with them. And now Microsoft's system has been affected by a similar bug: a flaw for which, for now, there is no solution.
PrintNightmare – a flaw in Windows with no fix yet
Just yesterday, Microsoft confirmed a new critical flaw that affects all its systems: PrintNightmare. It is an RCE (remote code execution) vulnerability and affects the print spooler service (Windows Print Spooler). The security flaw has already been registered as CVE-2021-34527, and Microsoft is investigating it in order to develop and release a patch as soon as possible. The problem is that hackers have already done their homework and are taking advantage of it to carry out all kinds of attacks over the network.
Although, for security reasons, Microsoft has not given many details about the problem, what we do know is that hackers can abuse a function called "RpcAddPrinterDriverEx()" within Windows Print Spooler to gain privileges on the system and run code with SYSTEM permissions. Once in control of the system, the attacker can install or delete programs, view, change or delete system data, and even create a new administrator user on the computer.
It is important to note that various exploits designed to take advantage of this vulnerability are circulating on the network. It is therefore an actively exploited flaw with public exploits available, so we must exercise extreme caution if we do not want to pay dearly for it.
How to protect ourselves from the flaw
This flaw is similar to others that have been fixed over the last few months. The most recent of them is CVE-2021-1675, fixed in the June security patches of this year. However, they are all different flaws, and they are not related to each other.
While Microsoft develops and releases the corresponding security patch, the company recommends disabling the Print Spooler service from Windows services (services.msc) to block the remote printing function and thus prevent attackers from reaching our computer through this flaw. When the patch is available to everyone, we can set the service back to automatic.
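The same workaround can be applied from an elevated PowerShell session instead of services.msc. The script below is an added example, not code from Microsoft or from the original article; the function names are hypothetical, and "Spooler" is the service name of Windows Print Spooler.

```powershell
# Added example: apply and later revert the Print Spooler workaround.
# Run from an elevated PowerShell session. Function names are hypothetical.

function Get-SpoolerState {
    # Report the current run state and startup mode of the Print Spooler service.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $svc.State       # Running / Stopped
        StartMode = $svc.StartMode   # Auto / Manual / Disabled
    }
}

function Disable-Spooler {
    # Stop the service now and keep it from starting at the next boot.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
    Get-SpoolerState
}

function Restore-Spooler {
    # Revert once the patch is installed: back to automatic start, then start it.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('Spooler', 'Set to Automatic and start')) {
        Set-Service   -Name Spooler -StartupType Automatic
        Start-Service -Name Spooler
    }
    Get-SpoolerState
}

# Show the current state, then preview the change without applying it.
# Remove -WhatIf to actually stop and disable the service.
Get-SpoolerState
Disable-Spooler -WhatIf
```

While the service is disabled, the machine cannot print at all, either locally or remotely.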
Microsoft has confirmed that it is already analyzing the security problem and that it will have a new patch very soon. However, at the moment we don't know whether it will arrive in time for July's Patch Tuesday (we hope so) or whether we will have to wait until August. Be that as it may, we hope that this time Microsoft will fix it properly and not leave millions of old printers not working, as happened last time.