Print Nightmare is a critical vulnerability, currently unpatched, that affects computers running Windows 7 or later. Windows 7 is in the news again because of a recently discovered vulnerability that affects the Print Queue service in Windows from that version of the operating system, which, it should be remembered, is no longer supported. This vulnerability has been called Print Nightmare and can cause an attacker to execute code remotely on your computer.
How to avoid Print Nightmare vulnerability?
To avoid Print Nightmare there is no definitive solution for now and Microsoft is working to eliminate a threat that affects the Windows print queue, a service present since Windows 7 and on all computers that have this system or another more current one.
The vulnerability CVE-2021-34527 called “Print Nightmare” can allow an attacker to execute code on our PC remotely. This vulnerability has been present for years and has come to light when Github showed a tutorial on how to exploit the weakness.
The threat has been discovered by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the problem lies in the fact that despite what those who have shown how to exploit it believed, it has not yet been corrected.
Print Nightmare is a threat classified as critical and is caused by the fact that the Print Queue Service does not restrict access to the RpcAddPrinterDriverEx function, something that can allow a malicious and remotely authenticated attacker to execute code remotely on our computer.
Because it is a vulnerability present in several versions of Windows (it arises with Windows 7) and is not yet fixed, Microsoft has developed a series of recommendations to prevent us from being affected.
The first is to disable the “Print Queue” service if you do not have a printer. If you have a printer, go to “Edit Group Policies”, select “Computer Configuration”, then click on “Administrative Templates”, select “Printers” and there disable the option “Allow the print job manager to accept client connections”.
