Posted on 07/01/2021 7:55:16 AM PDT by dayglored
[Dayglored Note: This is primarily for Windows Administrators, but is of potential concern to ALL Windows users.]
Also see:
Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller
PrintNightmare: Windows Zero-Day Accidentally Disclosed by Chinese Researchers
Public Windows PrintNightmare 0-day exploit allows domain takeover
The CERT Coordination Center (CERT/CC) has released a VulNote for a critical remote code execution vulnerability in the Windows Print spooler service, noting: “while Microsoft has released an update for CVE-2021-1675, it is important to realize that this update does not address the public exploits that also identify as CVE-2021-1675.” An attacker can exploit this vulnerability—nicknamed PrintNightmare—to take control of an affected system.
CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print. Additionally, administrators should employ the following best practice from Microsoft’s how-to guides, published January 11, 2021: “Due to the possibility for exposure, domain controllers and Active Directory admin systems need to have the Print spooler service disabled. The recommended way to do this is using a Group Policy Object.”
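The mitigation described above (disabling the Print Spooler on domain controllers and systems that do not print), as an added PowerShell example that is not part of the original post or of the CISA advisory. The function name `Get-SpoolerExposure` and its parameters are hypothetical; it assumes administrator rights and, for remote hosts, CIM/WinRM access.

```powershell
# Added example: audit the Print Spooler on one or more hosts and optionally disable it.
# Get-SpoolerExposure is a hypothetical name; host names are supplied by the operator.
function Get-SpoolerExposure {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [switch]$Disable    # without this switch the function only reports
    )
    foreach ($computer in $ComputerName) {
        # Query the local machine directly so WinRM is only needed for remote hosts.
        $target = @{ ErrorAction = 'Stop' }
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }
        try {
            $cs  = Get-CimInstance -ClassName Win32_ComputerSystem @target
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" @target
        } catch {
            Write-Warning "$computer : query failed: $($_.Exception.Message)"
            continue
        }
        if (-not $svc) { Write-Warning "$computer : Spooler service not found"; continue }

        $action  = 'None'
        $exposed = ($svc.State -ne 'Stopped') -or ($svc.StartMode -ne 'Disabled')
        if ($Disable -and $exposed -and
            $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
            # Win32_Service methods return 0 on success.
            $stop = 0
            if ($svc.State -ne 'Stopped') {
                $stop = ($svc | Invoke-CimMethod -MethodName StopService).ReturnValue
            }
            $mode = ($svc | Invoke-CimMethod -MethodName ChangeStartMode `
                        -Arguments @{ StartMode = 'Disabled' }).ReturnValue
            $action = if ($stop -eq 0 -and $mode -eq 0) { 'Disabled' }
                      else { "Failed (stop=$stop, mode=$mode)" }
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" @target
        }
        [pscustomobject]@{
            ComputerName       = $computer
            IsDomainController = $cs.DomainRole -in 4, 5   # 4 = backup DC, 5 = primary DC
            State              = $svc.State
            StartMode          = $svc.StartMode
            Action             = $action
        }
    }
}

# Report only; add -Disable (and -WhatIf for a dry run) to apply the change.
Get-SpoolerExposure | Format-Table -AutoSize
```

A host that reports `IsDomainController = True` with `State = Running` is the case the advisory singles out. Across many machines, the Group Policy Object route quoted above is the recommended way to apply the setting; this function is useful for spot checks and for confirming the policy took effect.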
For the life of me, I don’t understand why anyone who has a choice would run Windows. It’s been a nightmare since inception.
This is a hot mess. Millions of businesses have to stop printing until Microsoft fixes this, or risk getting pwned by an active exploit in the wild? WOW.
I checked on my Win10 box where I am Admin and PrintSpooler is running.
This advisory aimed at Admins will be ignored by 99.9% of users. Especially those who like to print.
Nah, you really shouldn’t need to run print spooler on your domain controller anyway.
Omgosh, this explains what happened to our printers recently!
Sometimes you have to live with the environment you inherit because you aren’t just dealing with your preferences, you’re dealing with everyone else’s learning curve, or interoperability with other organizations you do business with.
Sadly, true. Win10 users at home don't necessarily realize that they are admins, or that the spooler is running by default, etc.
> ...those who like to print ignore security issues
99.9%, as you said.
Maybe, or maybe not. Printers, and Windows printing, have plenty of their own problems even before this came out. I don't know how widespread the exploits are yet.
Does the print spooler run on stand-alone Windows installations?
Because pretty much all business specific programs are and have been created for windows. For personal use however, Linux/Ubuntu is the way to go. No stupid long restarts on update. Not a big target for hackers like windows is. The system doesn’t get bogged down over time due to updates or installing programs. Generally safer and better performing. And it’s free for the OS and programs. My favorite right now is Kubuntu with the Plasma desktop. Fast and fancy. Looks like I need to do an update right now. 10:18 Central time. brb
Yes. It's on all Windows computers, and is enabled to run by default.
Turning it off (disabling it) requires administrator-level permissions, but most standalone Windows systems have a single user (the one who set it up, or first logged in) who is an administrator.
10:18 to 10:26 - 182mb update done, no restart even though linux-firmware was 98mb of the update.
Reason 2,873 why I’m staying with, and enjoying Win-7 Pro x64.
#11 Yes and if you disable the Print spooler then you cannot print.
My tech savvy son helps me with my computer (I’m sadly lacking in skills). He told me to hit control pee to print. I said if I could do that, I wouldn’t be wearing adult diapers.
“Reason 2,873 why I’m staying with, and enjoying Win-7 Pro x64.”
Same here — we’re hooked on 7 Pro and will stick with it to the bitter end, whenever that may come.