Update your PC! Latest patch fixes dozens of flaws, including PrintNightmare
Microsoft might finally have a solution for its printer issue in the Windows operating system. The Print Spooler vulnerability, also given the delightful moniker of PrintNightmare, has been a thorn in Microsoft’s side since early July.
Customary with the second Tuesday of every month, Microsoft released a batch of fixes to address vulnerabilities.
August’s Patch Tuesday fixes a total of 51 vulnerabilities. Seven have been deemed critical in severity, while one zero-day exploit has been patched. Here is how Microsoft finally got rid of the PrintNightmare problem.
Here’s the backstory
Security researchers in July first discovered the Print Spooler vulnerability. Publishing their proof-of-concept onto the web, researchers quickly realized that Microsoft wasn’t aware of the problem.
The discovery of software flaws is usually handled through a responsible disclosure process. But in this case, all the information needed to exploit the flaw was already published. Hackers just needed to go to the GitHub page to see what was needed.
The vulnerability gave attackers elevated privileges in Windows. By exploiting the Print Spooler tool, the attacker could run arbitrary code on a PC. This, in turn, gave them permission to install programs and view, change or delete data.
The latest Windows update appears to have finally corrected the initial problem. It took two rounds of separate patches to work. After the update has been installed, Windows will only allow users with administrative privileges to install printer drivers with the Point and Print feature.
Microsoft explained that the setting would be turned on automatically when the update is installed, but you can turn it off. Turning the setting off is a bad idea as the company warned, will put computers at risk of being attacked.
What else the update fixes
In addition to addressing the Print Spooler vulnerability, the update fixes several other problems. Most of them are with software exploits in Windows Media, Windows Defender, Remote Desktop Client, Microsoft Office and Windows Update.
The single zero-day exploit used in the wild is a Medic Service Elevation of Privilege Vulnerability. As with previous bugs, Microsoft isn’t too quick to share how the flaw works or who discovered it.
Microsoft's PrintNightmare mess continues - Here's what to do to keep your PC safe
Updated 7/19/2021 – Microsoft issued a patch a few weeks ago to fix a flaw known as PrintNightmare that impacts Windows Print Spooler. Unfortunately, another new flaw with the Print Spooler has been discovered that isn’t addressed by the patch. You may want to go ahead and disable the Print Spooler until Microsoft has an update that actually works. Keep reading for steps to disable the Print Spooler.
Don't make this mistake when selling your old Echo devices
With technology constantly evolving, it makes sense that you always want to upgrade devices. But what do you do with those old gadgets? Why not make some extra cash and sell them? Tap or click here for ways to make money off your old tech.