Skip to main content

Windows 10 PrintNightmare continues with yet another exploit

Dell Xps 13 9300 Ports
Dell Xps 13 9300 Ports (Image credit: Daniel Rubino/Windows Central)

What you need to know

  • A remote print server created by a researcher allows people to exploit the PrintNightmare vulnerability on Windows 10.
  • If utilized, it allows people with limited privileges to effectively gain administrative privileges on a PC.
  • An attacker could use the vulnerability to disable Windows Defender.

The Windows print spooler vulnerability continues to be exploited by researchers. Security researcher Benjampin Delpy found several ways to bypass and take advantage of the vulnerability known as PrintNightmare. Delpy recently shared a video showing that an exploit allows people to effectively gain administrative privileges on a PC.

Microsoft issued a critical security patch (opens in new tab) for the PrintNightmare vulnerability, but researchers have found ways around it. Delpy's workaround involves a print server that can install a print driver. This driver can then launch a Dynamic Link Library (DLL) file with SYSTEM privileges.

BleepingComputer installed the print driver in question and saw the same results as Delpy. Despite the test computer being a fully patched PC running the latest version of Windows 10, a user with standard privileges was able to disable Windows Defender and gain full SYSTEM privileges.

See more

Delpy's method lets anyone who installs the remote print driver gain administrative privileges on a PC. This access could be used in several ways, including creating new users, installing software, or deploying ransomware on a PC.

Delpy told BleepingComputer that he's trying to pressure Microsoft to release fixes for the vulnerability.

A CERT advisory from Will Dormann outlines multiple mitigations for the vulnerability:

  1. Stop and disable the Print Spooler service.
  2. Disable inbound remote printing through Group Policy.
  3. Block RPC and SMB ports at the firewall.
  4. Enable security prompts for Point and Print.
  5. Restrict printer driver installation ability to administrators.

The advisory breaks down each option in more technical detail. We also have a guide on how to mitigate the PrintNightmare vulnerability that we update as more information comes in.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com (opens in new tab).

1 Comment
  • Geesh. They might as well just get rid of print servers