Windows 10 PrintNightmare Vulnerability Patched Again
Microsoft fixed the Print Spooler vulnerability known as PrintNightmare. Microsoft issued an emergency fix and, soon after, researchers found a way around it. Microsoft now has what may be a final solution for the issue. The Windows 10 August 2021 Patch Tuesday security update changes the operating system so that it requires administrative privileges to install printer drivers with the Point and Print feature. Microsoft's investigation into the vulnerabilities collectively referred to as PrintNightmare determined that the default behavior of Point and Print does not provide users with the level of security required to protect against potential attacks. The PrintNightmare vulnerability allows users with low privileges to open a command prompt with SYSTEM privileges.
The patch isn't without issues. Anyone with a V3-style print driver is seeing their users prompted to reinstall drivers or install new drivers. When the print server is on Server 2016, the printers are pushed out via Group Policy, and the printer driver from the vendor is a V3 driver, the patch triggers the reinstallation of print drivers. When the patch is on the workstation and not on the server, it still triggers a reinstallation of the print drivers. One of the solutions is to ensure you have V4 printer drivers deployed in your network. But it's often hard to determine whether drivers are V3 or V4. In the case of Hewlett Packard printers, PCL 6 denotes V3, whereas PCL-6 (with the hyphen) denotes V4. You may have to deploy the drivers on a test virtual machine in order to determine exactly what printer driver you have.
Another problem with the update is that it may affect organizations with networked printers, where admins will have to install the printers instead of letting the users install printer driver updates from a remote server. Microsoft has a way to disable this with a registry key, but it has advised against doing so. Knowledge base article KB5005652 explains how the update changes the default behaviors, even on devices that don't use Point and Print or print functionality. Microsoft, however, believes the security benefits outweigh the costs in time. Disabling the new behavior will expose your system to the vulnerabilities in the Windows Print Spooler service.
As for the other PrintNightmare bug, there is still no patch, and the only workaround is to disable the print spooler. If you are running a business and you need to print, you can do the following. Review which servers and computers absolutely have to print. Reconsider printing as a specific right that you grant only to those in your network who really need it, instead of having the print spooler service automatically enabled throughout your network. Disable the service on all domain controllers and keep it that way until a patch is released. Disable the print server role on workstations unless they have to print.
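The two checks discussed above (whether installed drivers are V3 or V4, and which machines still have the spooler enabled) can be combined into one inventory. This is an added example, not code from the article or from Microsoft; the host names are constructed placeholders, and it relies on the `Get-PrinterDriver` cmdlet from the PrintManagement module, whose `MajorVersion` property is 3 for V3 drivers and 4 for V4 drivers.

```powershell
# Added example. Host names are constructed placeholders; replace with your own.
$Computers = @('PRINTSRV01', 'WKSTN-TEST01')

function Get-PrintExposureReport {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        # Query the spooler through CIM so this works in Windows PowerShell 5.1 and PowerShell 7.
        $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $computer `
                   -Filter "Name='Spooler'" -ErrorAction SilentlyContinue

        $state     = if ($svc) { $svc.State }     else { 'Unknown' }
        $startMode = if ($svc) { $svc.StartMode } else { 'Unknown' }

        $drivers = @()
        if ($state -eq 'Running') {
            try {
                # Driver enumeration goes through the spooler, so it only works while it runs.
                $drivers = @(Get-PrinterDriver -ComputerName $computer -ErrorAction Stop)
            } catch {
                Write-Warning "Could not list drivers on ${computer}: $($_.Exception.Message)"
            }
        }

        if ($drivers.Count -eq 0) {
            # Emit a row anyway so hosts with the spooler stopped or unreachable stay visible.
            [pscustomobject]@{
                ComputerName  = $computer; SpoolerState = $state; SpoolerStart = $startMode
                DriverName    = $null;     DriverVersion = $null
            }
            continue
        }

        foreach ($d in $drivers) {
            [pscustomobject]@{
                ComputerName  = $computer; SpoolerState = $state; SpoolerStart = $startMode
                DriverName    = $d.Name
                DriverVersion = "V$($d.MajorVersion)"   # V3 drivers are the ones that trigger reinstall prompts
            }
        }
    }
}

Get-PrintExposureReport -ComputerName $Computers |
    Sort-Object ComputerName, DriverVersion |
    Format-Table -AutoSize
```

Rows showing `V3` identify the drivers to replace with V4 equivalents, and rows where `SpoolerStart` is not `Disabled` on a domain controller or a workstation that never prints are candidates for disabling the service.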