Skip to main content

PrintNightmare isn’t over, as Windows is hit with another printing vulnerability

The vulnerabilities in the Windows Print Spooler service just won’t end for Microsoft. Despite a recent patch, a cybersecurity researcher has managed to exploit a new bug in the spooler — showing how someone with bad intent can gain administrative privileges in Windows by using a custom print server.

The new vulnerability works only in a specific situation but is still concerning since it’s not patched. Security researcher Benjamin Delpy showcased the inner workings of the vulnerability on his Twitter. This involves using a specific custom print server to install a specially created print driver that can run at the system-privilege level. This can allow non-admin users to open a command prompt with elevated privileges. You can see this in action in this video, as tested by Bleeping Computer, which first reported on the vulnerability.

Demonstration of remote PrintNightmare driver open a SYSTEM command prompt

Since the vulnerability is not patched, the easiest way to prevent it would be to disable Windows Print Spooler entirely. However, an advisory posted online showcases other methods. These are more complex and involve blocking remote traffic and restricting Point and Print functionality via the Group Policy editor. This makes it so non-admin users can only install print drivers from an approved list, but permitted print servers still can be injected with bad drivers.

Recommended Videos

It doesn’t seem like there’s going to be an end to PrintNightmare vulnerabilities anytime soon. Microsoft already fixed the initial PrintNightmare issue with a rare out-of-band patch, but since then security researchers have been digging into Microsoft’s fix and raising new concerns. On July 16, researchers demonstrated that someone with local (physical) access to a PC can use the Print Spooler to install programs and view, change, or delete data under a specific scenario.

Please enable Javascript to view this content

This would be the third big issue reported by researchers, and there could be more on the way soon. The DefCon and Black Hat conferences are coming up. Usually, that’s where issues like this one are discussed. DefCon is the largest underground conference where hackers, corporate IT professionals, and government agencies aim to expand their knowledge and skill set in the world of hacking.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Whatever you do, don’t install the Windows 11 September update
Windows 11 logo on a laptop.

Microsoft has warned users in a post on its support blog that the September KB5043145 update, released on Thursday, is causing some Windows 11 PCs to restart multiple times, show the blue screen of death, or even freeze.

The problems in the recent update affect those on the 22H2 or 23H3 version of Windows 11. However, Microsoft said it is investigating the issue and will provide more information when it's available. Microsoft confirmed: "After installing this update, some customers have reported that their device restarts multiple times or becomes unresponsive with blue or green screens. According to the reports, some devices automatically open the Automatic Repair tool after repeated restart attempts. In some cases, BitLocker recovery can also be triggered."

Read more
Don’t use your Windows PC without using these security settings
The Windows Security app in Windows 11.

Historically, Windows has had a bad reputation for security, and there are far more malware strains that target Windows than any other operating system out there -- largely due to the scale of PCs that exist in the world. With such a vast array of potential threats, it’s more important than ever to keep your Microsoft PC safe and protected.

But doing so doesn’t have to be difficult or expensive. In fact, you can start right now with just the computer you own, no extra software necessary. And if you do want to supplement your PC with some of the best Windows apps that will boost your security and privacy, you don’t need to pay a penny.

Read more
There’s a scary new way to undo Windows security patches
Windows 11 logo on a laptop.

Security patches for Windows are essential for keeping your PC safe from developing threats. But downgrade attacks are a way of sidestepping Microsoft's patches, and a security researcher set out to show just how fatal these can be.

SafeBreach security researcher Alon Leviev mentioned in a company blog post that they'd created something called the Windows Downdate tool as a proof-of concept. The tool crafts persistent and irreversible downgrades on Windows Server systems and Windows 10 and 11 components.

Read more