Skip to main content

Microsoft Patches A Major Exploit From Windows' Printer Service

Alert
(Image credit: Shutterstock)

Yesterday, Microsoft patched a major vulnerability within multiple Windows versions known as the “PrintNightmare” exploit, allowing attackers to execute malicious code remotely through the Windows Print Spooler service. The update patching this vulnerability is called KB5004945 and should be installed as soon as possible if your Windows 10 PC or device is connected to a printer.

More specifically, this vulnerability can run code with system privileges, effectively giving the attacker full system access to your PC. Including deleting files, installing apps, and creating accounts with full user rights.

The vulnerability affects not only Windows 10, but also Windows 8.1, Windows Server 2012, Windows Server 2019 and even Windows 7. In fact, Microsoft is even going to provide a patch for Windows 7, thought that OS is now out of support.

To get KB5004945, all you need to do is check for Windows Updates and you should receive the cumulative patch immediately. If you need to download the patch manually, you can download it from the Microsoft Update Catalog.

  • Palorim12
    this update broke all our Zebra label printers in my job. Have had to go to every PC in the company and uninstall the update and pause updates.
    Reply
  • USAFRet
    Palorim12 said:
    this update broke all our Zebra label printers in my job. Have had to go to every PC in the company and uninstall the update and pause updates.
    Having rolled back from this patch, what is your near and long term concept for mitigating the problem this patch fixes?
    Reply
  • hotaru.hino
    Palorim12 said:
    this update broke all our Zebra label printers in my job. Have had to go to every PC in the company and uninstall the update and pause updates.
    And did you ask Zebra if there's a fix for this coming?

    Because considering there are public implementations to exploit this vulnerability, the longer you go without updating the more at risk you put your company at.
    Reply
  • Eximo
    Depends if the machines running the printers are internet facing, I suppose.
    Reply
  • vern72
    So the printer is on fire!
    Reply
  • Palorim12
    USAFRet said:
    Having rolled back from this patch, what is your near and long term concept for mitigating the problem this patch fixes?

    At the moment no idea. Spent all of Wednesday with the head of our IT department trying stuff on one of the affected computers, and one of our other guys contacted Microsoft and they said they are aware of the issue with Type 3 printers like the Zebra and to just uninstall the update and pause updates. After 7 hours, my boss told me he gave up and to just uninstall the update and we'll wait and see.

    hotaru.hino said:
    And did you ask Zebra if there's a fix for this coming?

    Because considering there are public implementations to exploit this vulnerability, the longer you go without updating the more at risk you put your company at.

    These printers are local printers, luckily, but the systems themselves are connected to the internet. there's a reddit page where someone posted that Zebra is aware of the issue, but nothing else yet. sysadmin/comments/oflbnyView: https://www.reddit.com/r/sysadmin/comments/oflbny/windows_printnightmare_update_kb5004945_is/

    "The July 6 Windows “KB5004945” update is affecting multiple printer brands and impacting our call center wait times. Microsoft plans to release an update in the next 1–2 business days. Please click here for more information on how to address this issue."
    https://supportcommunity.zebra.com/s/article/000021051?language=en_US&tactic_type=STO&tactic_detail=OT_July+Windows+Update_TW_NA_None
    Microsoft's resolution is Known Issue Rollback, but my boss says its not for KB5004945, despite Microsoft listing KB5004945.
    Reply
  • USAFRet
    OK.
    Don't forget to Unpause the updates when this is fixed.
    Reply
  • Eximo
    Zebra printers, and other printers, were the bane of my existence at my old job. IT didn't support printers, it was outsourced, so all the non-standard printers were always causing issues because there was no information sharing. I never understood why they didn't just create a small group to handle it.

    One time we put in an comprehensive asset management system. It had a SMTP function where it would query devices on the network for their information.

    Apparently some of the printers took those messages as input commands and made all sorts of weird adjustments. Still not sure if that was the result of poor programming, or just a mix of outdated printers and newer SMTP messages (or somebody did something stupid, like re-purposing a set of commands)
    Reply
  • Palorim12
    Looks like Microsoft released KB5004237 yesterday which "updates an issue that might make printing to certain printers difficult. This issue affects various brands and models, but primarily receipt or label printers that connect using a USB port." My zebra printers are working now after installing this update.
    Reply