Clarified Guidance CVE-2021-34527 Windows Print Spooler Vulnerability


On Tuesday July 6, 2021, Microsoft issued CVE-2021-34527 regarding a Windows Print Spooler vulnerability. Updates were released on July 6 and 7 which addressed the vulnerability for all supported Windows versions. We encourage customers to update as soon as possible.

CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability.

Following the out of band release (OOB) we investigated claims regarding the effectiveness of the security update and questions around the suggested mitigations.

Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of the default registry setting related to Point and Print to an insecure configuration.

Microsoft has focused its efforts on making customer protections available as quickly as possible and our guidance has been updated as our understanding of the issue has evolved. We recommend that customers follow these steps immediately:
  • In ALL cases, apply the CVE-2021-34527 security update. The update will not change existing registry settings.
  • After applying the security update, review the registry settings documented in the CVE-2021-34527 advisory
  • If the registry keys documented do not exist, no further action is required
  • If the registry keys documented exist, in order to secure your system, you must confirm that the following registry keys are set to 0 (zero) or are not present:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
    • NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
    • UpdatePromptSettings = 0 (DWORD) or not defined (default setting)
For more in-depth guidance, please see KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates and CVE-2021-34527.

If our investigation identifies additional issues, we will take action as needed to help protect customers.


The MSRC Team


Source: Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability – Microsoft Security Response Center
 

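The registry review described in the guidance above, as an added PowerShell example (not Microsoft's code and not part of the original post). It reads the two Point and Print values and flags anything other than "not present" or DWORD 0; the helper name Test-PointAndPrintValue is hypothetical.

```powershell
# Added example: audit the Point and Print policy values named in the guidance.
# Test-PointAndPrintValue is a hypothetical helper name, not a built-in cmdlet.
$keyPath    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$valueNames = 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings'

function Test-PointAndPrintValue {
    param([string]$Path, [string]$Name)

    $result = [ordered]@{ Name = $Name; State = ''; Value = $null; Secure = $false }

    if (-not (Test-Path -LiteralPath $Path)) {
        # Key absent: the guidance says no further action is required.
        $result.State = 'KeyNotPresent'; $result.Secure = $true
        return [pscustomobject]$result
    }

    $key   = Get-Item -LiteralPath $Path
    $value = $key.GetValue($Name, $null)
    if ($null -eq $value) {
        # Value not defined: this is the default setting.
        $result.State = 'NotDefined'; $result.Secure = $true
        return [pscustomobject]$result
    }

    $kind = $key.GetValueKind($Name)
    $result.Value = $value
    if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $value -eq 0) {
        $result.State = 'SetToZero'; $result.Secure = $true
    } else {
        # Anything else (non-zero, or not a DWORD) does not match the guidance.
        $result.State = "NeedsReview ($kind)"
    }
    return [pscustomobject]$result
}

$results = foreach ($name in $valueNames) {
    Test-PointAndPrintValue -Path $keyPath -Name $name
}
$results | Format-Table -AutoSize

if ($results.Secure -contains $false) {
    Write-Warning 'Point and Print differs from the default: set the flagged values to 0 or remove them.'
}
```

Reading this key does not require elevation; changing the values does.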
Trouble is, if you disable the spooler, Windows gives an error so you have to use it.
 

Was asked about this in another forum. The person had written a batch file to restart the spooler when it went wonky, and I suggested that he write another batch to enable and disable as needed.

A very basic one that I wrote:

Code:
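@Echo off
rem Run from an elevated (administrator) prompt; starting and stopping services needs admin rights.
rem Start the Print Spooler service so jobs can be sent.
net start spooler
Echo Print spooler is on, print away!
rem Wait here while the job prints; press a key only after it has finished.
pause
rem Stop the spooler again.
net stop spooler
Echo The print spooler has been turned off!
pause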

When you need to print:

  1. Run the batch, wait for the Press any key to continue prompt (Do NOT press any key yet)
  2. Send your print job. Wait for it to finish printing (technically, you can see if it has all spooled to the printer, but this is, for simplicity's sake, like my 70+ yo mother, not mentioning that)
  3. Go back to the batch and press a key. You then get prompted that it has been stopped. Press any key and the batch exits.
Discussed this with a friend of mine, and we thought up ways to make it an infinite loop, like with GOTO statements, so that you can run the batch once and have it in the background, but some folks tend to forget what is in the background, so I left it simple. Would be nice if there was a direct way to script this to enable the spooler on demand when sending a print job, and then automatically disable it once the spooler was done sending data to the printer. I'm sure there is, and I know that the above can also be scripted in PowerShell, but there it is, FWIW.
 

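A PowerShell take on the on-demand idea from the post above, as an added example that is not the poster's code. It goes one step further than the batch file: the spooler is stopped once the print queues are empty, and the service is also set to Disabled afterwards. The function name Get-PendingPrintJobCount and the timeout values are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: enable the spooler for one print session, then stop and disable it.
param(
    [int]$TimeoutSeconds = 300,   # assumed upper bound for one print session
    [int]$PollSeconds    = 2      # assumed polling interval
)

function Get-PendingPrintJobCount {
    # Hypothetical helper: count jobs still queued on any installed printer.
    $count = 0
    foreach ($printer in Get-Printer) {
        $count += @(Get-PrintJob -PrinterName $printer.Name).Count
    }
    return $count
}

try {
    # The service may have been left Disabled by a previous run.
    Set-Service   -Name Spooler -StartupType Manual
    Start-Service -Name Spooler
    Read-Host 'Print spooler is on. Send your print job, then press Enter' | Out-Null

    # Wait until every queue has drained, or give up at the deadline.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-PendingPrintJobCount) -gt 0) {
        if ((Get-Date) -gt $deadline) {
            Write-Warning 'Jobs are still queued after the timeout; stopping the spooler anyway.'
            break
        }
        Start-Sleep -Seconds $PollSeconds
    }
}
finally {
    # Runs on normal exit, on errors and on Ctrl+C, so the spooler is never left running.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
    Write-Host 'The print spooler has been stopped and disabled.'
}
```

An empty queue means the job has been handed to the printer, not that the last page has come out, so the printer may keep printing after the service stops.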
So an OOB patch is available. How do we get that for Windows 11? Windows 11 is not in the list.
In general how are such security patches made available to the Insider 11? This was a concern I had at the start.
 

I see the patch was included in the July 15th 22000.71 update. From the release notes:

"We fixed a remote code execution exploit in the Windows Print Spooler service, known as “PrintNightmare”, as documented in CVE-2021-34527. For more information, see KB5004945."

WHY Wasn't that mentioned here ????

I have also applied the recommended group policy client restriction.
 
Because the topic of this thread is actually a different KB?
 

"Because the topic of this thread is actually a different KB?"

It is the same CVE, just different updated info in the KB. The fix is in 22000.71 as per my quote from the release notes.
 
