Windows Print Spooler Vulnerability: What is PrintNighmare and can you fix it?

share to other networks share to twitter share to facebook

Microsoft has confirmed that a new vulnerability known as 'PrintNightmare' is affecting the Windows Print Spooler.

This critical vulnerability has the potential for remote code execution (RCE). Microsoft is now investigating PrintNightmare, also assigned the name 'CVE-2021-34527'.

Advertisement

Here's everything you need to know about the PrintNightmare vulnerability, and what you can do about it.

READ MORE: Windows 11 on Android smartphones can actually run Crysis

What is the PrintNightmare vulnerability?

PrintNightmare is a RCE vulnerability impacting the Windows Print Spooler that if exploited, could give the attacker system privileges via the RpcAddPrinterDriverEx() function.

According to Microsoft's FAQs, the June 2021 security update did not introduce PrintNightmare/CVE-2021-3452, but the vulnerability existed beforehand in other versions of Windows.

The exploit that triggers this RCE has been circulated online, first appearing on Github in late March before being removed.

READ MORE: Windows 11 vs MacOS Monterey: Is Windows 11 better than MacOS 12?

Advertisement

How to fix PrintNightmare vulnerability

Microsoft has now released the Windows 10 KB5004945 emergency update to resolve the PrintNighmare vulnerability. It should download automatically for Windows 10 users.

If the update has not downloaded on your PC, you can go to Windows Settings, select Updates & Security and then Windows Update. Here, choose Check for Updates, and any new patches - including KB5004945 - should show up, unless already downloaded.

However, some users are reporting issues with the KB5004945 update - specifically when attempting to print. Microsoft has listed the known issues surrounding the emergency update here - and there are quite a few - along with how to resolve them.

Advertisement

Previously Microsoft released two workarounds to the PrintNightmare vulnerability.

First, Microsoft recommended disabling the Print Spooler service, which will prevent the Print Spooler from being able to print on local or remote devices. You can do this by entering these commands in Windows PowerShell:

  • Stop-Service -Name Spooler -Force
  • Set-Service -Name Spooler -StartupType Disabled

The second workaround will disable remote printing on your system via Group Policy, meaning you can only use local printing (via a direct connection).

READ MORE: Windows 11 vs Window 10 gaming: Is Windows 11 better than Windows 10?