What you need to know
- Microsoft fixed the Windows Print Spooler vulnerability known as PrintNightmare.
- People now need to have administrative privileges when using the Point and Print feature to install printer drivers.
- The change in required privileges comes as part of the Windows 10 August 2021 Patch Tuesday security updates.
Updated August 12, 2021 at 12:15 PM EST: Another PrintNightmare vulnerability has been discovered. The original article follows.
Microsoft has fixed the Print Spooler vulnerability known as PrintNightmare. After a saga that includes a researcher accidentally disclosing a vulnerability, Microsoft issuing an emergency fix, and researchers finding a way around the fix, Microsoft has what is likely a final solution for the issue. Following the Windows 10 August 2021 Patch Tuesday security updates, the operating system will require people to have administrative privileges to install printer drivers with the Point and Print feature.
"Our investigation into several vulnerabilities collectively referred to as "PrintNightmare" has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks," says Microsoft in a blog post.
Microsoft also explains that requiring higher privileges addresses the vulnerability:
When exploited, the PrintNightmare vulnerability allows users with low privileges to open a command prompt with SYSTEM privileges. This effectively gives people control over a device, creating security risks.
Organizations can change this new behavior to allow people without administrative privileges to be able to install printer drivers with Point and Print. Microsoft recommends against this, however, as "Disabling this mitigation will expose your environment to the publicly known vulnerabilities in the Windows Print Spooler service."
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at firstname.lastname@example.org.