After a couple of months of struggling to figure out a string of printing-related vulnerabilities, Microsoft thinks it has found the fix. It will now require admin privileges for a system feature called Point and Print.
“Our investigation into several vulnerabilities collectively referred to as ‘PrintNightmare’ has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks,” the Microsoft Security Response Center team writes. “Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges.”
This change was delivered in a cumulative update for all supported Windows versions as part of yesterday’s Patch Tuesday releases, and it is documented as CVE-2021-34481. This update will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service, Microsoft says, but it may also “impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers.”
Naturally, Microsoft believes the security risk justifies this change. And given the events of the past two months, it’s hard to disagree.