Corsair H170i Elite Capellix XT review
Forspoken: PC performance graphics benchmarks
ASRock Z790 Taichi review
The Callisto Protocol: PC graphics benchmarks
G.Skill TridentZ 5 RGB 6800 MHz CL34 DDR5 review
Be Quiet! Dark Power 13 - 1000W PSU Review
Palit GeForce RTX 4080 GamingPRO OC review
Core i9 13900K DDR5 7200 MHz (+memory scaling) review
Seasonic Prime Titanium TX-1300 (1300W PSU) review
F1 2022: PC graphics performance benchmark review
Microsoft warns about new vulnerability "PrintNightmare"
In the Windows print queue (from Windows 7 on) is a vulnrebility to be found, Microsoft alerts users about the CVE-2021-34527 vulnerability called "PrintNightmare". it enables attackers to execute code on their machine remotely. This vulnerability can lead to a problem.
The vulnerability has been there for some years, but nothing was known until this week, when a Research Group released a kit on Github on how to exploit the weakness, assuming that it had been addressed earlier in June when Microsoft corrected another Windows Spool issue. The researchers believed that it was PrintNightmare, and because they thought it had been addressed before, they showed how to use it, but it turns out that it wasn't corrected and that millions of machines have now been exposed to severe safety problems.
Solving it
Since the vulnerability is present in multiple versions of Windows and has not yet been patched, Microsoft made certain recommendations to users to restrict access to the spooler service:
- If you don't have a printer: Disable the "Print queue" service.
- If you have a printer: Go to "Edit Group Policies", select "Computer Configuration", select "Administrative Templates", select "Printers", and disable the option "Allow the print job manager to accept client connections"
Microsoft looking at graphics machine learning development, potential DLSS equivalent? - 07/05/2021 09:04 AM
Microsoft is seeking a software developer in the segment of machine learning to enhance the computing power of graphics from current consoles....
Advertorial: Great Microsoft Windows 10 Pro Deal with URcdkey - 07/02/2021 08:10 AM
Nowadays, many users often continue to use unlicensed software. But this is a rather controversial way of saving. And now we are talking not so much about its illegality as about the danger of all k...
Microsoft removes application to verify Windows 11 requirements - relaxes requirements - 06/29/2021 04:51 PM
Earlier on, we reported a handy tool that verifies if your PC is compatible with the new Windows 11, which was short-lived as Microsoft removed it after several failures in the detection mechanism....
Microsoft Releases First Windows 11 Insider Preview Build - 06/29/2021 08:48 AM
Things are moving fast with Windows 11 now, two weeks ago we did not even know of its existence, today Microsoft released the first official Windows 11 Insider Preview. With this beta, developers and ...
Microsoft removes mandatory >1TB storage requirement for DirectStorage NVMe SSDs - 06/29/2021 08:37 AM
DirectStorage initially had a requirement of volume size, that value was 1TB, which now seems to have been changed. ...
schmidtbag
Senior Member
Posts: 7163
Joined: 2012-11-10
Senior Member
Posts: 7163
Joined: 2012-11-10
#5926860 Posted on: 07/05/2021 03:57 PM
How has MS not figured out yet that the reason their OS has always been plagued with security issues is because they keep opening up access to everything?
How has MS not figured out yet that the reason their OS has always been plagued with security issues is because they keep opening up access to everything?
dragonlord
Senior Member
Posts: 211
Joined: 2005-02-17
Senior Member
Posts: 211
Joined: 2005-02-17
#5926879 Posted on: 07/05/2021 05:40 PM
My understanding is that end users who have patched via WIndows Update in June are already protected/mitigated from this. The current issue is with businesses running Active Directory and so that will be patched soon. Meanwhile, there are mitigation workarounds to address this for business IT admins.
Please correct me if I am wrong about this.
My understanding is that end users who have patched via WIndows Update in June are already protected/mitigated from this. The current issue is with businesses running Active Directory and so that will be patched soon. Meanwhile, there are mitigation workarounds to address this for business IT admins.
Please correct me if I am wrong about this.
tsunami231
Senior Member
Posts: 13380
Joined: 2003-05-24
Senior Member
Posts: 13380
Joined: 2003-05-24
#5926881 Posted on: 07/05/2021 05:48 PM
printer spool service? i have had that "manual" for decades i only turn it on when I actual need to print something, and I almost never do that. which manybe 3 times year? if that and i turn right off after doing so. I knew there was reason why I turn off printer spool
printer spool service? i have had that "manual" for decades i only turn it on when I actual need to print something, and I almost never do that. which manybe 3 times year? if that and i turn right off after doing so. I knew there was reason why I turn off printer spool
kakiharaFRS
Senior Member
Posts: 952
Joined: 2015-11-21
Senior Member
Posts: 952
Joined: 2015-11-21
#5926882 Posted on: 07/05/2021 05:48 PM
another printer/spooler thing exploit wasn't that already a problem like 10 years ago (quick search found me 2010-2012-2013 already...)
edit: thx tsunami completely forgot to do it when I installed my current pc from scratch
another printer/spooler thing exploit wasn't that already a problem like 10 years ago (quick search found me 2010-2012-2013 already...)
edit: thx tsunami completely forgot to do it when I installed my current pc from scratch
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 756
Joined: 2008-03-03
Its "Print Spooler" on 7.