Microsoft says its patch for PrintNightmare works, despite claims of workarounds

News
By Sean Endicott
published

Microsoft claims that workarounds of its patch for the PrintNightmare vulnerability rely on changing default registry settings to create an insecure configuration.

Microsoft logo at Ignite
Microsoft logo at Ignite (Image credit: Windows Central)

What you need to know

  • Microsoft claims that its patch for the PrintNightmare vulnerability works correctly.
  • Several reports claim that there are ways around Microsoft's patch for the vulnerability.
  • The company says that patch workarounds rely on default registry settings being changed to create an insecure configuration.

Microsoft recently released an emergency Windows patch to address a vulnerability known as PrintNightmare. The issue was serious enough to warrant a patch on several versions of Windows, including Windows 7, which is out of support. The patch was supposed to address security vulnerabilities, but reports claim there are workarounds.

When exploited, the vulnerability allows attackers to "install programs; view, change, or delete data; or create new accounts with full user rights," according to Microsoft.

In response to claims of the patch being ineffective, Microsoft investigated the workarounds. According to the company, the patch works as designed and is only ineffective when default registry settings have been changed:

Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration.

Microsoft recommends that people take the following steps:

  • In ALL cases, apply the CVE-2021-34527 security update. The update will not change existing registry settings
  • After applying the security update, review the registry settings documented in the CVE-2021-34527 advisory
  • If the registry keys documented do not exist, no further action is required
  • If the registry keys documented exist, in order to secure your system, you must confirm that the following registry keys are set to 0 (zero) or are not present:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
  • NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
  • UpdatePromptSettings = 0 (DWORD) or not defined (default setting)

Microsoft has a support document that goes into the technical specifics of the issue. We also have a guide on how to mitigate the PrintNightmare vulnerability on Windows 10. We update our guide on the issue as more information comes in.

Sean Endicott
Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.