What is PrintNightmare
Originally this issue was tracked as CVE-2021-1675, and applying the patch Microsoft released in June fixed it.
However, another vulnerability, CVE-2021-34527, was discovered a short time later. There is currently no patch for this vulnerability.
This is an emerging situation and we will continue to update this page.
What computers are affected?
The vulnerability appears to affect all versions of Windows running the Print Spooler service. This service is required both to print and to act as a print server. It is still unclear exactly which Windows versions are affected; we are waiting for more details from Microsoft.
How do I secure my computer?
There is no patch for this vulnerability.
If the computer does not need to print and is not a print server, stop and disable the "Print Spooler" service. Berkeley Lab requires this action for Domain Controllers.
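The following is an added example (not code from the original page) showing how to carry out that step in an elevated PowerShell session and confirm the result. The optional loop at the end assumes the RSAT Active Directory module is installed and WinRM is enabled on the Domain Controllers; neither is stated on this page.

```powershell
# Added example: stop and disable the Print Spooler service on a host that
# neither prints nor serves print jobs (for example a Domain Controller).
# Run from an elevated PowerShell session on the host itself.

# Stop the service now and prevent it from starting at the next boot.
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled

# Verify locally: Status should read Stopped and StartType Disabled.
Get-Service -Name Spooler | Select-Object Name, Status, StartType

# Optional: confirm the state on every Domain Controller in the domain.
# Assumes the ActiveDirectory module (RSAT) and WinRM access to the DCs.
Import-Module ActiveDirectory
Get-ADDomainController -Filter * | ForEach-Object {
    Invoke-Command -ComputerName $_.HostName -ScriptBlock {
        Get-Service -Name Spooler | Select-Object @{n='Host';e={$env:COMPUTERNAME}}, Status, StartType
    }
}
```

Setting the startup type to Disabled is what matters: a service that is merely stopped is started again by the next reboot or by any process that requests it.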
If the computer does need to print or is a print server, use ACLs on the directory the spooler loads printer drivers from to prevent a malicious DLL from being introduced. Berkeley Lab recommends this action for print servers.
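The following is an added example (not code from the original page) of the ACL workaround. It assumes the driver directory is the default C:\Windows\System32\spool\drivers, which the page does not name, and that it is run from an elevated PowerShell session on the print server.

```powershell
# Added example: add a Deny ACE so that SYSTEM (the account the spooler runs
# as) cannot modify the spooler driver directory or anything beneath it.
# Assumption: the directory is the default path below.
$DriverDir = "C:\Windows\System32\spool\drivers"

# Deny SYSTEM the Modify right, inherited by all sub-folders and files.
$DenyRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
    "NT AUTHORITY\SYSTEM",
    "Modify",
    "ContainerInherit, ObjectInherit",
    "None",
    "Deny"
)

$Acl = Get-Acl -Path $DriverDir
$Acl.AddAccessRule($DenyRule)
Set-Acl -Path $DriverDir -AclObject $Acl

# Verify locally: a Deny entry for SYSTEM should now be listed.
(Get-Acl -Path $DriverDir).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and $_.IdentityReference -like '*SYSTEM' } |
    Format-List IdentityReference, FileSystemRights, AccessControlType, InheritanceFlags

# Roll back once the host is patched, so driver installation works again:
# $Acl = Get-Acl -Path $DriverDir
# $Acl.RemoveAccessRule($DenyRule) | Out-Null
# Set-Acl -Path $DriverDir -AclObject $Acl
```

While the Deny entry is in place, legitimate printer driver installation and updates will also fail, because the spooler writes new drivers to the same directory. Remove the rule once a patch has been applied.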
What mitigations are in place?
There are two primary mitigations at the Lab at this time.
- the ports used to reach the print spooler service (135/tcp and 445/tcp) are blocked at the border, which stops exploitation from outside the Lab network but not from a host already inside it
- exploiting the vulnerability requires an authenticated user
The mitigations are likely insufficient to protect an attractive target such as a Domain Controller (DC), which is why email was sent to all DC contacts asking them to disable the Print Spooler service.
How do I verify it is fixed?
There is currently no method to verify the fix remotely. Check locally that the Print Spooler service is stopped and disabled, or, on print servers, that the ACL on the driver directory is in place.
Resources
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
https://github.com/afwu/PrintNightmare
https://github.com/LaresLLC/CVE-2021-1675
https://twitter.com/StanHacked/status/1410922404252168196/photo/1