PrintNightmare
{{Short description|Security vulnerability in Microsoft Windows}}
{{Use American English|date=February 2024}}
{{Use mdy dates|date=February 2024}}
{{Infobox bug
| name = PrintNightmare
| image =
| caption =
| CVE = [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1675 CVE-2021-1675]
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527 CVE-2021-34527]
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34481 CVE-2021-34481]
| discovered = {{Start date and age|2021|6|29}}
| affected software = Microsoft Windows 7, 8, 8.1, 10, 11
Microsoft Windows Server 2008, 2012, 2012 R2, 2016, 2019, 2022{{Cite web |title=Security Update Guide - Microsoft Security Response Center |url=https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-34527 |access-date=2024-06-17 |website=msrc.microsoft.com}}
}}
PrintNightmare is a critical security vulnerability affecting the Microsoft Windows operating system.{{cite web |last=Valinsky |first=Jordan |title=Microsoft issues urgent security warning: Update your PC immediately |url=https://edition.cnn.com/2021/07/07/tech/microsoft-security-update/index.html |website=CNN Business |access-date=July 11, 2021 |date=July 9, 2021 |archive-date=July 10, 2021 |archive-url=https://web.archive.org/web/20210710211113/https://edition.cnn.com/2021/07/07/tech/microsoft-security-update/index.html |url-status=live }}{{cite web |title=Microsoft fixes critical PrintNightmare bug |url=https://www.bbc.com/news/technology-57750138 |website=BBC News |access-date=July 11, 2021 |date=July 7, 2021 |archive-date=July 10, 2021 |archive-url=https://web.archive.org/web/20210710104629/https://www.bbc.com/news/technology-57750138 |url-status=live }} The vulnerability occurred within the print spooler service.{{cite web |last1=Winder |first1=Davey |title=New Critical Security Warning Issued For All Windows Versions As 'PrintNightmare' Confirmed |url=https://www.forbes.com/sites/daveywinder/2021/07/02/new-critical-security-warning-issued-for-all-windows-versions-as-printnightmare-confirmed/?sh=7b55712b7d04 |website=Forbes |date=July 2, 2021 |access-date=July 11, 2021 |archive-date=July 11, 2021 |archive-url=https://web.archive.org/web/20210711072318/https://www.forbes.com/sites/daveywinder/2021/07/02/new-critical-security-warning-issued-for-all-windows-versions-as-printnightmare-confirmed/?sh=7b55712b7d04 |url-status=live }}{{cite web |title=Security Update Guide - Microsoft Security Response Center |url=https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 |website=msrc.microsoft.com |publisher=Microsoft Corporation |access-date=July 11, 2021 |archive-date=July 10, 2021 |archive-url=https://web.archive.org/web/20210710193234/https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 |url-status=live }} There were two variants, one 
permitting remote code execution (CVE-2021-34527), and the other leading to privilege escalation (CVE-2021-1675).{{cite web|title=Microsoft Releases Out-of-Band Security Updates for PrintNightmare|website=US-CERT|publisher=Cybersecurity and Infrastructure Security Agency|url=https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare |date=July 6, 2021 |access-date=July 11, 2021 |archive-date=July 7, 2021 |archive-url=https://web.archive.org/web/20210707223905/https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare|url-status=live}} A third vulnerability (CVE-2021-34481) was announced July 15, 2021, and upgraded to remote code execution by Microsoft in August.{{Cite web |date=July 16, 2021|title=More PrintNightmare: 'We TOLD you not to turn the Print Spooler back on!' |url=https://nakedsecurity.sophos.com/2021/07/16/more-printnightmare-we-told-you-not-to-turn-the-print-spooler-back-on/ |access-date=September 7, 2021 |website=Naked Security }}{{Cite web|title=Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34481 |url=https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481 |access-date=September 7, 2021 |website=msrc.microsoft.com}}
On July 6, 2021, Microsoft started releasing out-of-band (unscheduled) patches attempting to address the vulnerability.{{cite web |title=Out-of-Band (OOB) Security Update available for CVE-2021-34527 – Microsoft Security Response Center |url=https://msrc-blog.microsoft.com/2021/07/06/out-of-band-oob-security-update-available-for-cve-2021-34527/ |website=Microsoft Security Response Center |publisher=Microsoft Corporation |access-date=July 11, 2021 |archive-date=July 10, 2021 |archive-url=https://web.archive.org/web/20210710040714/https://msrc-blog.microsoft.com/2021/07/06/out-of-band-oob-security-update-available-for-cve-2021-34527/ |url-status=live }} Due to its severity, Microsoft released patches for Windows 7, for which support had ended in January 2020.{{cite web |last=Sharwood |first=Simon |title=Microsoft patches PrintNightmare – even on Windows 7 – but the terror isn't over |url=https://www.theregister.com/2021/07/07/printnightmare_patched/ |website=The Register |access-date=July 11, 2021 |date=July 7, 2021 |archive-date=July 8, 2021 |archive-url=https://web.archive.org/web/20210708064529/https://www.theregister.com/2021/07/07/printnightmare_patched/ |url-status=live }} The patches resulted in some printers ceasing to function.{{cite web |last1=Smith |first1=Adam |title=Microsoft fixes huge security bug – and breaks people's printers |url=https://www.independent.co.uk/life-style/gadgets-and-tech/microsoft-printnightmare-windows-printers-update-b1881109.html |website=The Independent |access-date=July 11, 2021 |date=July 9, 2021 |url-access=registration |archive-date=July 9, 2021 |archive-url=https://web.archive.org/web/20210709125919/https://www.independent.co.uk/life-style/gadgets-and-tech/microsoft-printnightmare-windows-printers-update-b1881109.html |url-status=live }}{{cite web |last1=Lawler |first1=Richard |title=The Windows update to fix 'PrintNightmare' made some printers stop working 
|url=https://www.theverge.com/2021/7/8/22569387/zebra-windows-security-update-printer-spooler-microsoft |date=July 8, 2021 |website=The Verge |access-date=July 11, 2021 |publisher=Vox Media |archive-date=July 10, 2021 |archive-url=https://web.archive.org/web/20210710113908/https://www.theverge.com/2021/7/8/22569387/zebra-windows-security-update-printer-spooler-microsoft |url-status=live }} Researchers have noted that the vulnerability has not been fully addressed by the patches.{{cite magazine |last1=Goodin |first1=Dan |title=Microsoft Keeps Failing to Patch the Critical 'PrintNightmare' Bug |url=https://www.wired.com/story/microsoft-keeps-failing-patch-windows-printnightmare-bug/ |magazine=Wired |publisher=Condé Nast |access-date=July 11, 2021 |date=July 8, 2021 |archive-date=July 10, 2021 |archive-url=https://web.archive.org/web/20210710221442/https://www.wired.com/story/microsoft-keeps-failing-patch-windows-printnightmare-bug/ |url-status=live }} After the patch is applied, only administrator accounts on a Windows print server will be able to install printer drivers. Part of the vulnerability related to the ability of non-administrators to install printer drivers on the system, such as shared printers on systems without sharing password protection.{{cite web |last=Mackie |first=Kurt |title=Microsoft Clarifies Its 'PrintNightmare' Patch Advice -- Redmondmag.com |url=https://redmondmag.com/articles/2021/07/09/microsoft-clarifies-printnightmare-advice.aspx |website=Redmondmag |publisher=1105 Media Inc |access-date=July 11, 2021 |date=July 9, 2021 }}
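A read-only check that a defender could run on a Windows host to confirm the driver-installation restriction described above. This is an added example, not part of the original article. The registry value names are taken from Microsoft's published guidance for CVE-2021-34527 and the later Point and Print change, not from this page, and the reading of an absent value as "default" assumes the corresponding updates are installed.

```powershell
# Added example: audit print-spooler exposure on the local host (reads only, changes nothing).
# Assumption: value names below are from Microsoft's guidance for these CVEs, not from the article.
$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent ("not configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-SpoolerExposure {
    $spooler  = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $restrict = Get-PolicyValue $PointAndPrintKey 'RestrictDriverInstallationToAdministrators'
    $noWarn   = Get-PolicyValue $PointAndPrintKey 'NoWarningNoElevationOnInstall'
    $update   = Get-PolicyValue $PointAndPrintKey 'UpdatePromptSettings'

    $findings = @()
    if ($spooler -and $spooler.Status -eq 'Running') {
        $findings += 'Print Spooler is running: confirm this host actually needs to print.'
    }
    # 0 explicitly re-enables driver installation by non-administrators.
    if ($restrict -eq 0) {
        $findings += 'RestrictDriverInstallationToAdministrators = 0: non-admins can install printer drivers.'
    }
    # Either of these being non-zero suppresses the elevation prompt for driver installs/updates.
    if ($null -ne $noWarn -and $noWarn -ne 0) {
        $findings += "NoWarningNoElevationOnInstall = $noWarn: elevation prompt on install is disabled."
    }
    if ($null -ne $update -and $update -ne 0) {
        $findings += "UpdatePromptSettings = $update: elevation prompt on driver update is disabled."
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        SpoolerStatus    = if ($spooler) { [string]$spooler.Status } else { 'NotInstalled' }
        SpoolerStartType = if ($spooler) { [string]$spooler.StartType } else { $null }
        RestrictToAdmins = if ($null -eq $restrict) { 'NotConfigured' } else { $restrict }
        Findings         = $findings
        NeedsReview      = ($findings.Count -gt 0)
    }
}

Test-SpoolerExposure | Format-List
```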
The organization which discovered the vulnerability, Sangfor, published a proof of concept in a public GitHub repository.{{cite web |last=Corfield |first=Gareth |title=Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller |url=https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/ |website=The Register |access-date=July 11, 2021 |date=June 30, 2021 |archive-date=July 8, 2021 |archive-url=https://web.archive.org/web/20210708162327/https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/ |url-status=live }}{{cite web |last=Constantin |first=Lucian |title=PrintNightmare Vulnerability Explained: Exploits, Patches, and Workarounds |url=https://www.arnnet.com.au/article/689631/printnightmare-vulnerability-explained-exploits-patches-workarounds/ |website=ARN |publisher=IDG Communications |access-date=July 11, 2021 |date=July 8, 2021 |archive-date=July 8, 2021 |archive-url=https://web.archive.org/web/20210708221617/https://www.arnnet.com.au/article/689631/printnightmare-vulnerability-explained-exploits-patches-workarounds/ |url-status=live }} Apparently published in error, or as a result of a miscommunication between the researchers and Microsoft, the proof of concept was deleted shortly after.{{cite web |last=Warren |first=Tom |title=Microsoft warns of Windows "PrintNightmare" vulnerability that's being actively exploited |url=https://www.theverge.com/2021/7/2/22560435/microsoft-printnightmare-windows-print-spooler-service-vulnerability-exploit-0-day |website=The Verge |publisher=Vox Media |access-date=July 11, 2021 |date=July 2, 2021 |archive-date=July 9, 2021 |archive-url=https://web.archive.org/web/20210709183031/https://www.theverge.com/2021/7/2/22560435/microsoft-printnightmare-windows-print-spooler-service-vulnerability-exploit-0-day |url-status=live }} However, several copies have since appeared online.
References
{{Reflist}}
Category:Computer security exploits
Category:Windows administration