Microsoft to require admin rights before using Windows Point and Print feature

Microsoft has released today a security update that will change the default behavior of the “Point and Print” feature to mitigate a severe security issue disclosed last month.

First added in Windows 2000, the Point and Print feature works by connecting to a print server to download and install necessary print drivers every time a user creates a connection to a remote printer without providing installation media.

Earlier this year, Jacob Baines, a reverse engineer for Dark Wolf Solutions (currently at Dragos), found that threat actors inside a company’s network could abuse the Point and Print feature to run a malicious print server and force Windows systems to download and install malicious drivers.

Since Point and Print ran with SYSTEM privileges, the feature effectively provided threat actors with an easy way to gain admin rights inside any large corporate or government network.

Desperate times call for desperate measures

Microsoft initially tried to patch the issue, tracked as CVE-2021-34481, last month, but the patches were deemed incomplete.

Today, the company took another approach.

Since the vulnerability is exploiting a design flaw, Microsoft chose today to change the default behavior of the Point and Print feature.

While until now, any user could add a new printer to a Windows computer, Microsoft says that after today’s Patch Tuesday, only admin users will be able to add or update a printer with drivers from a remote print server.

“This change will take effect with the installation of the security updates released on August 10, 2021, for all supported versions of Windows,” Microsoft said today.

“This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies this change,” the OS maker added.

For companies and users who don’t want to block printer installations inside their networks, Microsoft has also provided a registry key to continue allowing the old behavior, with the registry key detailed here.

However, Microsoft also warns of the risks:

“Disabling this mitigation will expose your environment to the publicly known vulnerabilities in the Windows Print Spooler service and we recommend administrators assess their security needs before assuming this risk.”