An emergency update issued to Windows 10 by Microsoft to stop a printer exploit bug made users lose access to their printers.
Users that installed the ‘PrintNightmare’ patch, which stops hackers using a critical flaw in the Windows Print Spooler software that could result in malicious individuals running code as administrators on machines, discovered that they could not connect to their printers.
Researchers had discovered the tweeted in May that they had found the vulnerability, but accidentally made the proof-of-concept available online. Although they quickly deleted it, it was shared elsewhere including on Microsoft-owned GitHub.
Microsoft acknowledged the problem on its website: “After installing this update, you might have issues printing to certain printers. Most affected printers are receipt or label printers that connect via USB”, it said.
“This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy.”
The problem can be solved by installing the patch or reinstalling the printer as an administrator after updating the computer. Microsoft has had to issue patches for Windows Server, Windows 10, Windows 8.1, and even Windows 7.
“This vulnerability is indeed serious because it allows cybercriminals to gain access to other computers within an organisation’s network. Since the exploit is publicly available, a lot of fraudsters will take advantage of it. Therefore, we urge all users to apply the latest security updates for Windows,” said Evgeny Lopatin, security expert at Kaspersky.
This is the latest in a series of security concerns for Windows this year. In March, Microsoft said that it had found major vulnerabilities in its Exchange Server tools, which is used to run email and calendars for many large companies.
Less than two weeks later a problem with the Adobe Type Manager Library, which collects fonts together, caused by a particular font meant the operating system could be taken over by hackers.
However, it is claimed that the local privilege escalation (LPE) hole remains vulnerable even after the fix, which means is it still possible an authenticated user to get admin-level privileges on a local or remote machine running the Windows print spooler service, The Register reports.
Microsoft said that it was “aware of claims and are investigating, but at this time we are not aware of any bypasses.”
The company continued: “We have seen claims of bypass where an administrator has changed default registry settings to an unsecure configuration. See CVE-2021-34527 guidance for more information on settings required to secure your system”, adding that “if our investigation identifies additional issues, we will take action as needed to help protect customers.”