Non-administrators may see a ‘Do you trust this printer’ dialog box, following the installation of August 2021 Windows updates. Below is a summary of problems that we’ve seen, and our latest advice for tackling a solution: Problem How do I restore printing in my environment after applying the patches?Īs we have seen across every organization (including those not using PaperCut), these patches have been highly disruptive to printing. Restrict “Point and Print” on member servers and clients that require the ability to print as per the instructions in the Microsoft knowledge base article.Setting the “Allow Print Spooler to accept client connections:” group policy to disabled on systems that don’t need to accept print jobs from other systems.Disabling the Spooler Service on any member server or client that doesn’t need to print.Patch all print servers with the patches in the Microsoft Advisory.Not using a Domain Controller as a Print Server.accessible only from your internal network) Ensure that any Microsoft Windows Print Servers are isolated from the internet ( e.g.As always organisations should evaluate this internally and with respect to their own risk management procedures: We strongly recommend that you patch any system that needs to expose the Microsoft Windows print spooler to the network as a priority.īased on the 6th July 2021 update( version 2.0) to the Microsoft advisory PaperCut believes the following work-arounds and configurations form a reasonable balance between security and maintaining the ability to print. We recommend each customer evaluate that risk for themselves and if appropriate consider the mitigations approaches set out in this article. PaperCut strongly recommends that you read the Microsoft Advisory for yourself to understand the impact of and scope of the recommended work-arounds and mitigations. I haven’t installed the patches yet, what can I do? PaperCut strongly recommends that you apply the patch to all Microsoft Windows systems prioritizing systems that have the Microsoft Windows print spooler service exposed to your network. They are available via Windows Update or from the links on the Advisory. Microsoft has released multiple patches and fixes surrounding these vulnerabilities. It is important to note that the attacker needs to be authenticated against the remote system for the attack to be possible. You should read the advisory from Microsoft (updated with security patch information on July 6, 2021). Generally this (and subsequent patches and fixes from Microsoft) has been referred to as ‘PrintNightmare’ - but also gets mentioned as CVE-2021–1675, CVE-2021–34527 and CVE-2021–34481. “Print Nightmare” is a bug in the Windows spooler service that under some circumstances can result in an attacker being able to remotely run code on a Microsoft Windows system as the local SYSTEM user.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |