PrintNightmare and Recent Microsoft Patches

Back in June Microsoft addressed a minor privilege escalation vulnerability within the windows print spooling service (this windows service is responsible for how windows manages printing). Almost two weeks after they made their initial find the vulnerability impact was changed from local privilege escalation to remote code execution making a it a much bigger issue. This vulnerability was dubbed the name Print Nightmare because the print spooler service fails to restrict access to functionality that allows users to add printers and related system drivers thus allowing remote or local hackers to execute any code they desire on a system with FULL unrestricted system privileges.

To mitigate the issue of this vulnerability Microsoft made a change in the way that printers are deployed as well as changes to the security requirements for the installation of printer drivers. After applying patch KB5005652 non administrator users are no longer able to install network print drivers without administrator privileges. One would think that this is not an issue as the print drivers have been previously installed to most systems prior to this patch. However, what we are seeing is that print servers that are running server operating system 2016 or earlier (2012 and 2008R2) are prompting end users to reinstall the existing print driver especially if they are running V3 print drivers from the manufacturer. Given the print drivers are being required to be reinstalled due to this patch end users are being prompted for administrator credentials to be entered to allow the install of the driver that previously didn’t require this level of credentials. 

It is still highly recommended to not to give end users full administrator rights to either their computer or the windows domain as that allows their account to do anything on the system and if compromised via malicious means the end users account can be leverage for nefarious purposes. 

Several fixes have been being explored by systems administrators and by our engineers as well. We are working hard to implement the fixes with our clients and our field engineers will be communicating results and mitigation efforts with our points of contact.

Here is a Microsoft support article with the required fixes we will be implementing.

We are highly anticipating that printer manufacturers will be adjusting their drivers for most of their current products to help mitigate the problems with the new patches. As new drivers become available Peak Technologies staff will test and deploy new printer drivers as needed to our clients.

Thank you for your understanding and support