Microsoft’s ‘PrintNightmare’ Windows patch accidentally broke people’s connection to their printers

Microsoft had to roll out patches for Windows Server, Windows 10, Windows 8.1, and even Windows 7

Adam Smith
Friday 09 July 2021 13:03 BST

An emergency update issued to Windows 10 by Microsoft to stop a printer exploit bug made users lose access to their printers.

Users who installed the ‘PrintNightmare’ patch discovered that they could not connect to their printers. The patch stops hackers from using a critical flaw in the Windows Print Spooler software that could result in malicious individuals running code as administrators on machines.

Researchers tweeted in May that they had found the vulnerability, but accidentally made the proof-of-concept available online. Although they quickly deleted it, it was shared elsewhere, including on Microsoft-owned GitHub.

Microsoft acknowledged the problem on its website: “After installing this update, you might have issues printing to certain printers. Most affected printers are receipt or label printers that connect via USB”, it said.

“This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy.”

The problem can be solved by installing the patch or reinstalling the printer as an administrator after updating the computer. Microsoft has had to issue patches for Windows Server, Windows 10, Windows 8.1, and even Windows 7.

“This vulnerability is indeed serious because it allows cybercriminals to gain access to other computers within an organisation's network. Since the exploit is publicly available, a lot of fraudsters will take advantage of it. Therefore, we urge all users to apply the latest security updates for Windows,” said Evgeny Lopatin, security expert at Kaspersky.

This is the latest in a series of security concerns for Windows this year. In March, Microsoft said that it had found major vulnerabilities in its Exchange Server tools, which are used to run email and calendars for many large companies.

Less than two weeks later, a problem with the Adobe Type Manager Library, which collects fonts together, was caused by a particular font and meant the operating system could be taken over by hackers.

However, it is claimed that the local privilege escalation (LPE) hole remains open even after the fix, which means it is still possible for an authenticated user to get admin-level privileges on a local or remote machine running the Windows print spooler service, The Register reports.

Microsoft said that it was “aware of claims and are investigating, but at this time we are not aware of any bypasses.”

The company continued: “We have seen claims of bypass where an administrator has changed default registry settings to an unsecure configuration. See CVE-2021-34527 guidance for more information on settings required to secure your system”, adding that “if our investigation identifies additional issues, we will take action as needed to help protect customers.”
