Microsoft Warns of “PrintNightmare,” an Unpatched, Actively Exploited Flaw in the Windows Print Spooler Service


Microsoft has published an advisory on a new Windows Print Spooler remote code execution vulnerability that leverages code present in all versions of the operating system. Appropriately dubbed “PrintNightmare,” the vulnerability allows attackers to remotely execute code with SYSTEM privileges, letting them install programs, delete data, and create accounts with full user rights. Microsoft has confirmed that the vulnerability is being actively exploited. There doesn’t seem to be an official fix yet, but 0patch is offering temporary patches for Windows users who’d like to address the zero-day straight away. Other options include disabling the Print Spooler service or disabling inbound remote printing through Group Policy.

[…] CISA has also issued a notification on the PrintNightmare zero-day encouraging admins to disable the Windows Print Spooler service on servers not used for printing. Per Microsoft’s previous recommendations on mitigating risks on domain controllers running the Print Spooler service, the service should be disabled on all domain controllers and Active Directory admin systems via a Group Policy Object due to the increased exposure to attacks.
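
One way to apply the service mitigation described above on a single host, as an added example that is not taken from Microsoft's advisory or the original article: it reports the host role and the Spooler state, and only changes anything when the assumed `-Disable` switch is passed. Disabling the Spooler stops both local and remote printing on that host.

```powershell
# Added example: audit the Print Spooler service and optionally disable it.
# Run from an elevated PowerShell session on the host being checked.
param(
    [switch]$Disable   # assumed switch name: without it the script only reports
)

# Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$role = switch ($os.ProductType) {
    1 { 'Workstation' }
    2 { 'DomainController' }
    3 { 'Server' }
    default { 'Unknown' }
}

$svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "Spooler service not present on $env:COMPUTERNAME"
    return
}

# StartMode is read through CIM so the report also works where
# Get-Service does not expose a StartType property.
$cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

$report = [pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    Role        = $role
    Status      = $svc.Status
    StartMode   = $cim.StartMode
    # Running now, or able to start again after a reboot or on demand
    NeedsAction = ($svc.Status -eq 'Running' -or $cim.StartMode -ne 'Disabled')
}
$report

if ($Disable -and $report.NeedsAction) {
    # Stop the running service, then prevent it from starting again
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled

    # Re-read the state to confirm the change took effect
    Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" |
        Select-Object Name, State, StartMode
}
```

For domain controllers and Active Directory admin systems, the Group Policy Object route mentioned above applies the same setting fleet-wide; a per-host script like this is better suited to verification.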

Sources: Microsoft, BleepingComputer (1, 2), The Verge
