Syntax Bearror

PrintNightmare Part III – Patching and Remediation Updates

By Christopher
July 9, 2021

As another week goes by, we have new updates to report regarding CVE-2021-34527, or PrintNightmare. Here’s the latest you need to know. We’ve also posted some PowerShell scripts on our GitHub to help apply the registry settings.

Patch Availability

Microsoft has released an out-of-band patch for PrintNightmare. You can find the appropriate KB number for your system by visiting the MSRC page on the vulnerability – CVE-2021-34527.

How Do We Further Mitigate Risk?

In addition to the patch, you still have to set three registry values to secure the service; otherwise, the system will remain vulnerable in some form through the Point and Print functionality. There’s also a change to one value if you’ve already set them.

The three values you need to set are located under this key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint. Chances are you will need to create the Printers key and the PointAndPrint key if you haven’t already.

The values you have to create and set in addition to installing the patch are:

  • NoWarningNoElevationOnInstall = 0
    This tells the OS to show a UAC prompt to confirm, provided UAC is enabled
  • UpdatePromptSettings = 0
    This tells the OS to show a UAC prompt to confirm, provided UAC is enabled
  • RestrictDriverInstallationToAdministrators = 1
    This disables delegation and prevents non-administrators from installing unsigned printer drivers

Note: Earlier guidance mentioned a value named NoWarningNoElevationOnUpdate. The correct name is UpdatePromptSettings; the confusion came from earlier guidance provided by Microsoft.

If you need to deploy this among multiple systems, please check out our GitHub for some PowerShell scripts to help you deploy the registry changes across systems.
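For a single machine, the audit-then-set sequence described above can be sketched as follows. This is an added example, not one of the scripts from the GitHub repository mentioned above; the function names Get-PointAndPrintState and Set-PointAndPrintState are hypothetical, and it assumes an elevated PowerShell session.

```powershell
# Added example: audit and, if needed, set the three Point and Print values
# named in this post. Function names are hypothetical; run elevated.
$PnPKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$Desired = [ordered]@{
    NoWarningNoElevationOnInstall              = 0
    UpdatePromptSettings                       = 0
    RestrictDriverInstallationToAdministrators = 1
}

function Get-PointAndPrintState {
    # One object per value: current data ($null if absent) and whether it matches.
    foreach ($name in $Desired.Keys) {
        $current = $null
        if (Test-Path -Path $PnPKey) {
            $item = Get-ItemProperty -Path $PnPKey -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $current = $item.$name }
        }
        [pscustomobject]@{
            Name      = $name
            Expected  = $Desired[$name]
            Current   = $current
            Compliant = ($null -ne $current -and $current -eq $Desired[$name])
        }
    }
}

function Set-PointAndPrintState {
    # New-Item -Force creates the missing Printers and PointAndPrint keys in one call.
    # It is guarded by Test-Path so an existing key and its values are left alone.
    if (-not (Test-Path -Path $PnPKey)) {
        New-Item -Path $PnPKey -Force | Out-Null
    }
    foreach ($name in $Desired.Keys) {
        # -Force overwrites an existing value, including one created with the wrong type.
        New-ItemProperty -Path $PnPKey -Name $name -Value $Desired[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

# Audit first; remediate only when a value is missing or wrong, then re-check.
$state = Get-PointAndPrintState
if ($state.Compliant -contains $false) {
    Set-PointAndPrintState
    $state = Get-PointAndPrintState
}
$state | Format-Table -AutoSize
```

A value that is absent is reported as non-compliant rather than assumed safe, so the table doubles as evidence that all three settings were explicitly applied.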

Beyond these changes, a good resource for determining whether a system is still vulnerable after patching is the flowchart shared by CERT, shown below.

Vulnerability Path Workflow

Anything Else?

If you can’t deploy the patch yet, please still follow the mitigations for your setup outlined in the Part II blog posted last week. We’ll be posting broad hardening options in the coming weeks to help fellow sysadmins better secure and control the Print Spooler service. Security researchers have also mentioned that additional vulnerabilities may soon be disclosed and I’ll do my best to do a write-up on them as I can.

Christopher

Christopher Clai is a Senior Security Engineer, IT Generalist, and Developer from Chicago, IL with over 20 years of experience in Information Technology ranging from small businesses to Fortune 500's. Chris loves the Pacific Northwest, Sushi, Invader Zim, Rugby, World of Warcraft, raves, and is an avid user of Microsoft and Linux-based technologies.

Copyright Statement

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
©2014 - 2021 - SyntaxBearror.io. All rights reserved unless otherwise noted.