What you need to know
- Another Windows 10 PrintNightmare vulnerability has been discovered.
- The vulnerability can be exploited despite Microsoft's patches and changes to the printer driver installation process.
- Ransomware attackers are using PrintNightmare vulnerabilities to target Windows servers.
Another zero-day Windows print spooler vulnerability has been discovered (via Bleeping Computer). This is yet another bug that falls under the class known as PrintNightmare. Like other vulnerabilities in its class, attackers can exploit this vulnerability to run code with SYSTEM privileges.
Microsoft released patches that address PrintNightmare vulnerabilities in July and August 2021. The company also changed the process for installing new printer drivers to require admin privileges. Despite these changes, researchers have found ways to attack PCs utilizing a Print Spooler vulnerability.
Microsoft explains the issue, which is labeled CVE-2021-36958:
Despite the fact that users now need admin privileges to install printer drivers, admin privileges are not required to connect to a printer if a driver is already installed. Additionally, drivers on clients don't need to be installed, so the vulnerability is left open to attack in cases when someone connects to a remote printer.
Bleeping Computer also reports that PrintNightmare exploits are being used by ransomware attackers. A ransomware group called Magniber has been discovered attempting to exploit PrintNightmare vulnerabilities, according to a report from Crowdstrike.
Crowdstrike's director of threat research and reporting warns that this could only be the start of attackers exploiting these vulnerabilities, "CrowdStrike estimates that the PrintNightmare vulnerability coupled with the deployment of ransomware will likely continue to be exploited by other threat actors."
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at firstname.lastname@example.org.