Microsoft finally fixes PrintNightmare vulnerability with KB5005031 and KB5005033 updates

To help address the ongoing problems with the so-called PrintNightmare vulnerability (CVE-2021-34527), Microsoft has announced a change to the default behavior of the Point and Print feature in Windows.

The change has been delivered via the KB5005033 and KB5005031 update and means that in order to install printer drivers, users will have to have administrative privileges. This mitigates against the Windows Print Spooler vulnerability that allowed any user to install drivers via Point and Print, a fact that could be exploited to install a malicious drivers to allow for remote code execution and SYSTEM privileges.

See also:

• ASUS BIOS update gives motherboards TPM 2.0 support ready for Windows 11
• Microsoft releases KB5004296 update for Windows 10 to fix game performance problems and more
• Windows 10 will block Potentially Unwanted Applications by default

The fix comes as part of this month's Patch Tuesday updates, and the company also published a post on the Microsoft Security Response Center blog saying: "Our investigation into several vulnerabilities collectively referred to as 'PrintNightmare' has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks".

The post continues:

Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service. This change will take effect with the installation of the security updates released on August 10, 2021 for all supported versions of Windows, and is documented as CVE-2021-34481.

This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies this change. While not recommended, customers can manually disable this mitigation with a registry key, which is outlined in the following KB Article:

KB5005652 How to manage new Point and Print default driver installation behavior

Microsoft points out that disabling this mitigation will expose your environment to the publicly known vulnerabilities in the Windows Print Spooler service. System administrators are advised to assess their security needs before assuming this risk.

KB5005031 is available for Windows 10 version 1909, while KB5005033 is available for Windows 10 versions 2004, 20H2 and 21H1.

Image credit: JeanLucIchard / Shutterstock