Microsoft claims that workarounds of its patch for the PrintNightmare vulnerability rely on changing default registry settings to create an insecure configuration.
What you need to know
- Microsoft claims that its patch for the PrintNightmare vulnerability works correctly.
- Several reports claim that there are ways around Microsoft's patch for the vulnerability.
- The company says that patch workarounds rely on default registry settings being changed to create an insecure configuration.
Microsoft recently released an emergency Windows patch to address a vulnerability known as PrintNightmare. The issue was serious enough to warrant a patch on several versions of Windows, including Windows 7, which is out of support. The patch was supposed to address security vulnerabilities, but reports claim there are workarounds.
When exploited, the vulnerability allows attackers to "install programs; view, change, or delete data; or create new accounts with full user rights," according to Microsoft.
In response to claims of the patch being ineffective, Microsoft investigated the workarounds. According to the company, the patch works as designed and is only ineffective when default registry settings have been changed:
"Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration."
Microsoft recommends that people take the following steps:
- In ALL cases, apply the CVE-2021-34527 security update. The update will not change existing registry settings.
- After applying the security update, review the registry settings documented in the CVE-2021-34527 advisory
- If the registry keys documented do not exist, no further action is required
- If the registry keys documented exist, in order to secure your system, you must confirm that the following registry keys are set to 0 (zero) or are not present:
  - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
    - NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
    - UpdatePromptSettings = 0 (DWORD) or not defined (default setting)
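The registry review in the steps above can be scripted. The following PowerShell is an added example, not code from Microsoft or from this article; the function name `Test-PointAndPrintPolicy` is hypothetical. It only reads the registry and flags any value that is not a DWORD of 0.

```powershell
# Added example: read-only audit of the Point and Print policy values listed above.
$KeyPath    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$ValueNames = 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings'

function Test-PointAndPrintPolicy {   # hypothetical helper name
    param(
        [string]$Path    = $KeyPath,
        [string[]]$Names = $ValueNames
    )

    # A missing key is the default state; per the guidance, no action is needed.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue

    foreach ($name in $Names) {
        $data = if ($key) { $key.GetValue($name, $null) } else { $null }

        if ($null -eq $data) {
            # Value (or the whole key) is not defined: default setting.
            $state  = if ($key) { 'NotDefined' } else { 'KeyNotPresent' }
            $secure = $true
        }
        else {
            # Only a DWORD equal to 0 matches the documented secure setting.
            $kind   = $key.GetValueKind($name)
            $isZero = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and ($data -eq 0)
            $state  = if ($isZero) { 'SetToZero' } else { "Insecure ($kind)" }
            $secure = $isZero
        }

        [pscustomobject]@{
            Name   = $name
            State  = $state
            Data   = $data
            Secure = $secure
        }
    }
}

$results = @(Test-PointAndPrintPolicy)
$results | Format-Table -AutoSize

if ($results.Secure -contains $false) {
    Write-Warning 'Point and Print policy differs from the documented secure setting.'
}
```

Because these values live under the Policies hive, a non-zero result usually means a Group Policy is setting them, so the fix belongs in that policy rather than in a local registry edit.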
Microsoft has a support document that goes into the technical specifics of the issue. We also have a guide on how to mitigate the PrintNightmare vulnerability on Windows 10. We update our guide on the issue as more information comes in.