Microsoft did not fix the printer manager flaw, here’s how to protect yourself

Microsoft yesterday deployed a fix for a zero-day flaw discovered earlier in Windows Printer Manager. Unfortunately, cybersecurity researchers say the problem is not resolved. Hackers can still use the flaw to install malware. The good news is that there is a way to protect yourself while waiting for a definitive solution.


At the beginning of the month, we reported that a zero-day flaw had been discovered in the Windows printer manager. Called PrintNightmare, it allows hackers to infiltrate their victim’s PC to install malware. To do this, all they have to do is pretend to be a print driver. Microsoft reacted quickly: yesterday, the publisher urgently deployed a patch.

So, problem solved? Apparently not. According to Benjamin Delpy, the developer behind the Mimikatz authentication manager, Microsoft only patched remote code execution under certain conditions. If the “Point and Print” option is activated, on the other hand, the fix turns out to be perfectly useless. Cybersecurity researcher Will Dormann confirmed this finding: “If you have a system where PointAndPrint NoWarningNoElevationOnInstall = 1, then Microsoft’s patch for PrintNightmare CVE-2021-34527 does nothing to prevent local or remote code execution”.

How to protect against the vulnerability of the Windows printer manager?

For the fix to be ineffective, the option “When installing drivers for a new connection” must also be set to “Do not show warning or elevation prompt”. Here’s how you can check these settings:

  • Click on the Windows icon and search for “Edit Group Policy”
  • Go to Computer Configuration > Administrative Templates > Printers > Point and Print Restrictions
  • In the window that opens, check the option “When installing drivers for a new connection”
  • If it is set to “Do not show warning or elevation prompt”, click on Not Configured or Disabled

This should prevent hackers from gaining access to your computer. “We always advise our customers to disable this option wherever it is not needed until a fix arrives and resolves this issue appropriately”, says cybersecurity researcher Matthew Hickey.
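The same setting can also be checked from PowerShell, on one PC or on several at once. This is an added example, not part of the original article or of Microsoft's or 0patch's material. It assumes the Point and Print Restrictions policy is stored at the registry location shown in the script, under the value name quoted by Will Dormann above, and `Test-PointAndPrintPrompt` is a hypothetical function name.

```powershell
# Added example: audit the Point and Print prompt setting discussed above.
# Assumption: Windows stores the "Point and Print Restrictions" policy at this
# registry location, with the value name quoted in the article.
$check = {
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $name = 'NoWarningNoElevationOnInstall'

    $value = $null
    if (Test-Path -Path $key) {
        # Stays $null when the key exists but the value was never set
        $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    }

    if ($null -eq $value) { $state = 'NotConfigured';    $exposed = $false }
    elseif ($value -eq 0) { $state = 'PromptShown';      $exposed = $false }
    else                  { $state = 'PromptSuppressed'; $exposed = $true  }  # 1, or any non-zero value

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Value    = $value
        State    = $state
        Exposed  = $exposed
    }
}

# Hypothetical helper: runs the check locally, or on remote machines when names are given
function Test-PointAndPrintPrompt {
    param([string[]]$ComputerName)
    if ($ComputerName) {
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $check
    } else {
        & $check
    }
}

$results = @(Test-PointAndPrintPrompt)
$results | Format-Table Computer, Value, State, Exposed -AutoSize

# Flag every machine where the warning and elevation prompt is suppressed
foreach ($r in ($results | Where-Object { $_.Exposed })) {
    Write-Warning "$($r.Computer): $($r.State), the July 6 patch does not protect this system"
}
```

Querying remote machines with `-ComputerName` requires PowerShell remoting to be enabled on them. If a domain group policy sets the value, change it in the policy itself, otherwise it will be reapplied at the next refresh.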


There is also another way to protect your PC. The 0patch site offers a free micropatch which temporarily fixes the problem, while waiting for Microsoft to deploy an effective fix. Here is how to install it:

  • Go to this link
  • Create an account on the 0patch website
  • Download and install 0patch Agent from this link
  • Your computer will be patched automatically without needing to restart it

Be careful, however, not to install the July 6 update before performing this operation, as it cancels the effect of the patch. “If you are using 0patch against PrintNightmare, do NOT apply the July 6 Windows Update! Not only does it not correct against local attacks, it also does not correct the remote attack problem. In addition, it modifies localspl.dll, so our fixes for the problem no longer apply”, 0patch tweeted.

How do I know if my computer is vulnerable to the printer manager vulnerability?

0patch has published the list of Windows versions that can be attacked through the Printer Manager. Here it is:

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows 10 (all versions)

And here is the list of Windows versions compatible with the fix from 0patch:

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • Windows 10 v20H2
  • Windows 10 v2004
  • Windows 10 v1909
  • Windows 10 v1903
  • Windows 10 v1809
  • Windows 10 v1803
  • Windows 10 v1709
