Microsoft: Install the PrintNightMare hotfix right now – then check this PC parameter

Microsoft allows Windows users to update their systems as soon as possible, taking an unusual step to release PrintNnightMare security patches for even versions out of the operating system. Potential hacking, described as “critical” by Microsoft, is already considered to be actively exploited in the wild. 

The culprit, Microsoft says, is the Windows front spooler service. Normally, this is the Windows part that manages printer work, including network computers. However, hackers have understood a way to use it to install their own code on PC.

“A remote code execution vulnerability exists when the Windows Print Spooler service runs privileged file operations,” explains Microsoft. “An attacker who has successfully exploited this vulnerability could perform arbitrary code with system privileges. An attacker could then install programs; see, modify or delete data; or create new accounts with complete user rights.”

The existence of vulnerability has been revealed prematurely, after security researchers announced their discovery thinking that Microsoft had already pushed a patch for the fault. In fact, it turned out that it was an update for a different problem with the Windows print spooler. As a result, Microsoft has been left to get married to prepare a new solution.

The first part of this one was pushed earlier this week, with updates for a global Windows system host, including Windows 10 and Windows Server 2012. Microsoft followed with a new version of other patches. “An update has been published for all available versions of Windows still in support,” the company said.

However, by reflecting how serious this potential exploit is, Microsoft has also prepared updates that will address it on out-of-support versions. This includes Windows 7, official safety support for which ends in 2020.

Depending on the operating system version your PC is running, you can access the security patch in different ways. The easiest, for consumers, is probably to use Windows Update. This can automatically install periodic updates, but you can access it manually and load the patch immediately instead.

“We recommend that you install these updates immediately” Microsoft warned.

Once the hotfix is ​​installed, you must take a moment to verify that the Windows registry has been updated appropriately. Microsoft explains what to look for:

“In order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.):

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint

NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)

NoWarningNoElevationOnUpdate = 0 (DWORD) or not defined (default setting)

Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.”

The new patches also include protections for CVE-2021-1675, the other Windows Print Spooler service exploit.