PrintNightmare Bug Partially Patched By Microsoft


Microsoft released an emergency patch for the PrintNightmare Bug. The PrintNightmare Bug is a set of two critical remote code-execution flaws in the Windows Print Spooler service that hackers can use to take control of an infected system. There are more fixes needed before all Windows systems affected by the bug are completely protected, according to the U.S. government. Microsoft released an out-of-band update for several versions of Windows to address the issue.

The fix only addresses the RCE variants of PrintNightmare, and not the local privilege escalation variant, according to a VulNote published by the CERT Coordination Center. The updates do not include Windows 10 version 1607, Windows Server 2012 or Windows Server 2016, which will be patched at a later date.


The PrintNightmare problem was revealed when a proof of concept was uploaded to GitHub last Tuesday. The proof of concept showed how a hacker can exploit the vulnerability to take control of an affected system. While it was taken back down within a few hours, the code was copied and remains in circulation on the platform. Even though Microsoft released a patch for it in its usual monthly Patch Tuesday updates, that patch only addressed what it thought was a minor EoP vulnerability. The listing was updated later in the week after researchers from Tencent and NSFOCUS TIANJI Lab figured out it could be used for RCE.

Microsoft's initial patch didn't fix the entire problem. CERT/CC on Thursday offered its own workaround for PrintNightmare, advising system administrators to disable the Windows Print Spooler service in Domain Controllers and systems that do not print. Microsoft also dropped a notice for a bug called "Windows Print Spooler Remote Code Execution Vulnerability" that appeared to be the same vulnerability, but with a different CVE number.

For systems that are not protected by the patch, Microsoft is offering several workarounds for PrintNightmare. One is to stop and disable the Print Spooler service by using the following PowerShell commands:

Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled




The second workaround is to disable inbound remote printing through Group Policy by disabling the "Allow Print Spooler to accept client connections" policy to block remote attacks, and then restarting the system. After this, the system will no longer function as a print server, but local printing to a directly attached device will still be possible.
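
To confirm on a given machine that one of the two workarounds above is actually in effect, a short audit can be run in an elevated PowerShell session. This is an added example, not code from Microsoft or CERT/CC. The function name Get-SpoolerExposure is hypothetical, and the script assumes the Group Policy setting is stored as the RegisterSpoolerRemoteRpcEndPoint value (2 = disabled) under the Printers policy key.

```powershell
# Added example: report whether either PrintNightmare workaround applies to this host.
# Get-SpoolerExposure is a hypothetical helper name, not a built-in cmdlet.
function Get-SpoolerExposure {
    # Workaround 1: Print Spooler stopped and its startup type set to Disabled.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $running  = [bool]($svc -and $svc.State -eq 'Running')
    $disabled = [bool]($svc -and $svc.StartMode -eq 'Disabled')

    # Workaround 2: "Allow Print Spooler to accept client connections" set to Disabled.
    # Assumption: the policy is backed by this registry value, where 2 means disabled.
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $policy = (Get-ItemProperty -Path $policyPath `
               -Name RegisterSpoolerRemoteRpcEndPoint `
               -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint
    $remoteBlocked = ($policy -eq 2)

    # Combine both checks into one verdict per host.
    if (-not $svc) {
        $verdict = 'Spooler service not present'
    } elseif (-not $running -and $disabled) {
        $verdict = 'Workaround 1 in effect: Spooler stopped and disabled'
    } elseif (-not $running) {
        $verdict = 'Spooler stopped but not disabled: it can start again'
    } elseif ($disabled) {
        $verdict = 'Spooler disabled but still running: stop the service'
    } elseif ($remoteBlocked) {
        $verdict = 'Workaround 2 configured: confirm the system was restarted'
    } else {
        $verdict = 'No workaround in effect: Spooler running and accepting clients'
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        SpoolerRunning      = $running
        SpoolerStartMode    = if ($svc) { $svc.StartMode } else { $null }
        RemotePrintingBlock = $remoteBlocked
        Verdict             = $verdict
    }
}

Get-SpoolerExposure | Format-List
```

The registry check only shows that the policy is configured; the policy takes effect after the restart the workaround calls for.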