Windows 10 PrintNightmare isn’t over after all, and ransomware attackers are taking note
Despite Microsoft’s efforts, PrintNightmare continues to be an issue for Windows 10 PCs.
What you need to know
Another zero-day Windows print spooler vulnerability has been discovered (via Bleeping Computer). This is yet another bug that falls under the class known as PrintNightmare. Like other vulnerabilities in its class, attackers can exploit this vulnerability to run code with SYSTEM privileges.
Microsoft released patches that address PrintNightmare vulnerabilities in July and August 2021. The company also changed the process for installing new printer drivers to require admin privileges. Despite these changes, researchers have found ways to attack PCs utilizing a Print Spooler vulnerability.
Microsoft explains the issue, which is labeled CVE-2021-36958:
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The workaround for this vulnerability is stopping and disabling the Print Spooler service.
Despite the fact that users now need admin privileges to install printer drivers, admin privileges are not required to connect to a printer if a driver is already installed. Additionally, drivers on clients don’t need to be installed, so the vulnerability is left open to attack in cases when someone connects to a remote printer.
Bleeping Computer also reports that PrintNightmare exploits are being used by ransomware attackers. A ransomware group called Magniber has been discovered attempting to exploit PrintNightmare vulnerabilities, according to a report from CrowdStrike.
CrowdStrike’s director of threat research and reporting warns that this could be only the start of attackers exploiting these vulnerabilities: “CrowdStrike estimates that the PrintNightmare vulnerability coupled with the deployment of ransomware will likely continue to be exploited by other threat actors.”
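The workaround Microsoft describes above (stopping and disabling the Print Spooler service), written out as an added PowerShell example that is not from Microsoft or the original article. The function names `Get-SpoolerState` and `Disable-PrintSpooler` are hypothetical; the script records the service state before and after so the change can be verified.

```powershell
#Requires -RunAsAdministrator
# Added example: apply and verify the Print Spooler workaround on the local host.
# Get-SpoolerState and Disable-PrintSpooler are hypothetical helper names.

function Get-SpoolerState {
    # Win32_Service exposes both the run state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) { return $null }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $svc.State       # Running / Stopped
        StartMode = $svc.StartMode   # Auto / Manual / Disabled
    }
}

function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $before = Get-SpoolerState
    if (-not $before) {
        Write-Warning 'Spooler service not found on this host.'
        return
    }

    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        # Stop the running service, then prevent it from starting again at boot.
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }

    # Re-query instead of assuming success, so the result reflects the real state.
    $after = Get-SpoolerState
    [pscustomobject]@{
        Computer  = $after.Computer
        Before    = "$($before.State)/$($before.StartMode)"
        After     = "$($after.State)/$($after.StartMode)"
        Mitigated = ($after.State -eq 'Stopped' -and $after.StartMode -eq 'Disabled')
    }
}

# Dry run: reports what would change without touching the service.
Disable-PrintSpooler -WhatIf
```

Drop `-WhatIf` to apply the change. With the spooler disabled, the host can no longer print, locally or to remote printers.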
Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He’s covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean’s journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.