Windows Print Spooler Remote Code Execution Vulnerability


  1. Posts : 37
    Win 10 Pro x64 Version 21H1 Build 19043.1348
       #40

    steve108 said:
    From that link:
    "However, malware and threat actors could still use the local privilege escalation component to gain SYSTEM privileges on vulnerable systems only if the Point and Print policy is enabled."

    I believe most home users won't have Point and Print policy enabled.

    I don't even have the registry key
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
    or for that matter
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers
    in my registry.

    Does anyone else?
    I have HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers. I disabled the print spooler service using group policy editor, maybe doing so added it.


  2. Posts : 21,421
    19044.1586 - 21H2 Pro x64
       #41

    Try3 said:
    Steve,

    Neither do I.

    Denis
    Denis, Thanks for checking.

    I presume this means we can keep the Print Spooler service enabled and running if we installed KB5005945 and not get hacked if
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
    doesn't exist on our PC.

    If I'm misinterpreting the situation, please correct me.


  3. Posts : 16,948
    Windows 10 Home x64 Version 22H2 Build 19045.4170
       #42

    steve108 said:
    I presume this means we can keep the Print Spooler service enabled and running if we installed KB5005945 and not get hacked if
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
    doesn't exist on our PC.
    If I'm misinterpreting the situation, please correct me.
    If I'm interpreting the situation correctly then I will be very surprised.

    I'm going to hold off until the next Patch Tuesday CU.
    - It may well have a better fix.
    - I'm not convinced the vulnerability affects us independent users anyway.

    Denis


  4. Posts : 21,421
    19044.1586 - 21H2 Pro x64
       #43

    Try3 said:
    If I'm interpreting the situation correctly then I will be very surprised.

    I'm going to hold off until the next Patch Tuesday CU.
    - It may well have a better fix.
    - I'm not convinced the vulnerability affects us independent users anyway.

    Denis
    I have a feeling you're correct and that enterprise servers would be the primary targets.

    I decided to install KB5004945 out of an abundance of caution - so far so good on four PCs. Hoping for a better fix next Tuesday too.


  5. Posts : 1,463
    Windows 10 Pro 22H2 64 bit
       #44

    After installing the fix KB50004945 I thought this was added but I was wrong.
    Windows Print Spooler Remote Code Execution Vulnerability-printer-reg.png

    I also used Group Policy to stop remote access to printer.

    Windows Print Spooler Remote Code Execution Vulnerability-printer-group-policy..png

    Jim

    My BAD: The Group Policy is what added the Reg entry not the CU.

    Jim
    Last edited by Phone Man; 08 Jul 2021 at 15:07.


  6. Posts : 5,899
    Win 11 Pro (x64) 22H2
       #45

    Do be aware that anytime you print - whether printing to paper or to a document such as PDF - you're invoking (using) the Print Spooler. Bottom line is if you "print" you're using the print spooler, which is the risk.

    BTW, if you find you can't print (and provided the printer is good) look to the print spooler service.

    Anyway, I print all the time and am not about to stop now, so...


  7. Posts : 21,421
    19044.1586 - 21H2 Pro x64
       #46

    Phone Man said:
    .........

    My BAD: The Group Policy is what added the Reg entry not the CU.

    Jim
    Had me scratching my head there before you updated your post.


  8. Posts : 9,790
    Mac OS Catalina
       #47

    Appears that they are issuing the Adobe Flash removal tool in the same KB. It is possible that if your machine is not affected by PrintNightmare that when the Adobe removal tool runs, the patch does not apply if everything comes back that it is not a necessary OOB.


  9. Posts : 67
    Windows 10
       #48

    Microsoft has issued a statement regarding this issue: "Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration." It appears the registry key NoWarningNoElevationOnInstall has had its value changed by some admins, and that is what has caused the original fix to allegedly fail, according to Microsoft. MS states that if the key's original value of 0 is left unchanged, then the patch works as intended.
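
A read-only check of the registry state discussed in this thread, added here as an example (it was not posted by any participant): it reports whether the PointAndPrint policy key exists, what NoWarningNoElevationOnInstall is set to, and the state of the Print Spooler service. The function name Get-PointAndPrintState, its output fields and the assessment wording are assumptions; a missing key or value is treated as the default of 0.

```powershell
# Added example: read-only audit of the Point and Print policy value named above.
# Get-PointAndPrintState and its output field names are hypothetical, not a built-in cmdlet.
function Get-PointAndPrintState {
    [CmdletBinding()]
    param(
        [string]$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint',
        [string]$ValueName  = 'NoWarningNoElevationOnInstall'
    )

    # Several posters report that this key is absent on their machines.
    $keyExists = Test-Path -LiteralPath $PolicyPath

    $configured = $null
    if ($keyExists) {
        # Stays $null when the key exists but the value was never created.
        $configured = Get-ItemProperty -LiteralPath $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty $ValueName -ErrorAction SilentlyContinue
    }

    # Assumption: no key or no value means the policy is not configured,
    # which behaves like the default value of 0.
    $effective = if ($null -eq $configured) { 0 } else { [int]$configured }

    # The spooler may be stopped or disabled, as one poster did via Group Policy.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        PolicyKeyExists = $keyExists
        ConfiguredValue = $configured
        EffectiveValue  = $effective
        SpoolerStatus   = if ($spooler) { [string]$spooler.Status } else { 'NotFound' }
        SpoolerStartup  = if ($spooler) { [string]$spooler.StartType } else { $null }
        Assessment      = if ($effective -eq 0) {
            'Default (0): the update is reported to work as intended'
        } else {
            'Changed from default: the configuration Microsoft calls insecure'
        }
    }
}

# Nothing is written to the registry or the service configuration.
Get-PointAndPrintState | Format-List
```

Reading HKLM policy keys and service state does not require elevation on a default install.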


  10. Posts : 68,937
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #49