The repair, although, implies that solely directors will be capable of set up print drivers on Home windows PCs.
Microsoft has lastly patched the final in a sequence of safety vulnerabilities in its Home windows Print Spooler service that would have allowed attackers to remotely management an affected system and set up malicious applications or create new accounts. On Tuesday, the corporate pushed out its August Patch Tuesday lineup, which included a repair for the Print Spooler Distant Code Execution Vulnerability to deal with this particular subject.
SEE: The ten most essential cyberattacks of the last decade (free PDF) (TechRepublic)
This is not the primary time Microsoft has tried to squash persistent bugs associated to the Home windows Print Spooler service. In June, the corporate pushed out a repair to cope with one flaw.
Then in early July, it rolled out an emergency patch for an additional Print Spooler vulnerability dubbed PrintNightmare. Affecting all 40 variations of Home windows, even older and unsupported ones, this flaw involved a difficulty with RpcAddPrinterDriverEx(), a operate that lets customers set up or replace a print driver.
Although the most recent patch hopefully fixes these Print Spooler vulnerabilities for good, there’s one main draw back. You now want administrator privileges to put in a print driver. That seemingly will probably be a difficulty at organizations the place customers usually are not given admin rights particularly for safety causes. Now, assist desk and IT workers should step it anytime a brand new driver for a community printer must be put in.
“Home windows updates launched August 10, 2021 and later will, by default, require administrative privilege to put in drivers,” Microsoft mentioned in a brand new help doc. “We made this transformation in default habits to deal with the danger in all Home windows units, together with units that don’t use Level and Print or print performance.”
Customers will not be capable of set up new printers or replace current ones utilizing print drivers from a distant laptop or server, Microsoft defined. A discover from the Microsoft Safety Response Heart delves additional into this conundrum, asserting that the safety threat justifies this transformation. Prospects can disable this requirement by way of a Registry hack, however the MSRC people mentioned doing so would expose you to recognized vulnerabilities within the Home windows Print Spooler service.
“The TLDR (Too Lengthy Did not Learn) is that Microsoft was lastly uninterested in bugs like CVE-2021-3448 and moved to solely permit directors to put in print drivers,” Jerry Gamblin, Kenna Safety director of safety analysis, advised TechRepublic. “It seems that Microsoft is admitting defeat within the means to safe the print spool sufficient for non-admin customers to manage it, and this fashion will be capable of fall again on ‘you must be an administrator’ on future bugs, which is able to make them much less impactful.”
Past the Print Spooler fixes, the updates on this month’s Patch Tuesday tackle 51 completely different vulnerabilities, which Gamblin known as a “quiet” month. The lineup consists of 17 Elevation of Privilege Vulnerabilities, 13 Distant Code Execution Vulnerabilities and two Denial of Service Vulnerabilities.
“CVE-2021-36948, an elevation of privilege vulnerability within the Home windows Replace Medic Service, is being reported as being exploited within the wild by Microsoft,” Gamblin mentioned. “Nonetheless, now we have seen no proof of it at Kenna Safety presently. All three zero-days this month are what I check with as ‘BigFoot Zero-days’ as there was no public affirmation of them current. Total this month lastly has no surprises that ought to cease you from patching in your regular patch cadence.”