Microsoft finally fixes PrintNightmare vulnerability with KB5005031 and KB5005033 updates
To help address the ongoing problems with the so-called PrintNightmare vulnerability (CVE-2021-34527), Microsoft has announced a change to the default behavior of the Point and Print feature in Windows.
The change has been delivered via the KB5005033 and KB5005031 update and means that in order to install printer drivers, users will have to have administrative privileges. This mitigates against the Windows Print Spooler vulnerability that allowed any user to install drivers via Point and Print, a fact that could be exploited to install a malicious drivers to allow for remote code execution and SYSTEM privileges.
Security researchers accidentally leak PrintNightmare remote execution vulnerability in Windows print spooler
Security researchers have inadvertently leaked details of a critical Windows print spooler vulnerability, dubbed PrintNightmare, along with a proof-of-concept. The flaw -- said be a Stuxnet-style zero-day -- can be exploited to completely compromise a Windows system.
Microsoft issued a patch for CVE-2021-1675, described as a "Windows Print Spooler Elevation of Privilege Vulnerability" last Patch Tuesday, and this is when things went wrong. Having seen that this patch had been published, security researchers then released technical details of what they thought was the same vulnerability, along with a proof-of-concept. But they had in fact released information about a different -- albeit similar -- vulnerability.