Critical Microsoft Print Spooler Vulnerability

by Christian Vindel
Desktop & Applications Architect

Microsoft has confirmed a remote code execution vulnerability in the Windows Print Spooler and has assigned CVE-2021-34527 for tracking purposes. The recently identified vulnerability is being publicly referred to as “PrintNightmare”. This vulnerability has a severity rating of 8 out of 10 and is marked as high.

Please be advised that although this vulnerability is similar to the one identified in early June 2021 and tracked under CVE-2021-1675, the two are unrelated.

Microsoft has released an out-of-band security update to address this vulnerability. Please check the security table linked here for the appropriate update for the operating systems in your organization. At this time, Microsoft has not released a security patch for Windows 10 version 1607, Windows Server 2012, or Windows Server 2016. According to Microsoft, an update is forthcoming for these operating systems not yet covered under this release.

If you have operating systems in your organization not covered under this security patch, we suggest the following actions be taken to mitigate this risk:

  • Ensure June 21 patches are applied.
  • Verify caller is not a member of the Active Directory “Pre-Windows 2000 compatibility group”.
  • Point & Print warning. Ensure the following registry value is set to 1: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint\NoWarningNoElevationOnInstall
  • EnableLUA. Ensure the following registry value is set to 0: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
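
A read-only way to collect the current state of the registry values named in the list above, together with the Print Spooler service state, for comparison against that list. This is an added example, not part of the original advisory or of Microsoft's guidance; it assumes it is run locally in PowerShell on the machine being checked, and the function name `Get-RegistryValueState` is hypothetical.

```powershell
# Added example: read-only report of the settings named in the mitigation list.
# Registry paths and value names come from the advisory text; nothing is modified.

$checks = @(
    @{ Name = 'NoWarningNoElevationOnInstall'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint' },
    @{ Name = 'EnableLUA'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' }
)

# Hypothetical helper: distinguishes a missing key, a missing value and a present
# value, because an undefined policy value is not the same as a value of 0.
function Get-RegistryValueState {
    param([string]$Path, [string]$Name)

    $state = 'KeyMissing'
    $value = $null
    if (Test-Path -LiteralPath $Path) {
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $state = 'Present'
            $value = $item.$Name
        } else {
            $state = 'ValueMissing'
        }
    }
    [pscustomobject]@{ Setting = $Name; State = $state; Value = $value; Source = $Path }
}

$report = @(foreach ($c in $checks) {
    Get-RegistryValueState -Path $c.Path -Name $c.Name
})

# The Print Spooler service itself: running state and start type.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
$report += [pscustomobject]@{
    Setting = 'Print Spooler service'
    State   = if ($spooler) { 'Present' } else { 'ServiceMissing' }
    Value   = if ($spooler) { "$($spooler.Status) / $($spooler.StartType)" } else { $null }
    Source  = 'Get-Service -Name Spooler'
}

$report | Format-Table -AutoSize
```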

Helient Systems will be contacting our Managed Services customers to plan and schedule remediation against this vulnerability. If you would like assistance planning and remediating these vulnerabilities in your own environment, please contact our experts at service@helient.com.