Critical ‘PrintNightmare’ bug in Microsoft’s Windows tech is still causing headaches
More than a week later, Microsoft is still trying to shake off its PrintNightmare.
That’s the nickname for a bug for which a proof-of-concept exploit accidentally published online on June 30. Microsoft on Tuesday issued an emergency update for the critical flaw, which affects all versions of Windows’ Print Spooler that manages interactions between computers and printers. The vulnerability could allow hackers to take over computers remotely.
But on Thursday Microsoft had to fend off claims from researchers that its patch didn’t work.
“Our investigation has shown that the … security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare,” the company wrote. “All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration.”
Previously, the patch had encountered other problems, such as breaking connections to some brands of printers. Microsoft acknowledged that issue, and recommended rolling back the patch to fix it.
Microsoft also faced criticism for initially labeling a similar vulnerability as low-risk in an earlier update.
The bug was bad enough to warrant an alert from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. It also prompted Microsoft to issue a security update for Windows 7, which the company ended support for back in January of 2020.
The vulnerability first sprung into view when Chinese researchers at Sangfor accidentally released the proof-of-concept code in advance of a planned talk at of the Black Hat conference in Las Vegas that kicks off this month.
It’s not the first time Print Spooler has dealt with wide-spanning vulnerabilities. Last summer, researchers discovered a denial of service vulnerability that affected versions of Windows as old as Windows 2000.