
Everything You Need to Know About the “Print Nightmare” Vulnerability
According to one recent study, over 18,000 vulnerabilities were discovered during 2020 alone. Not only that, but roughly half of all internal-facing web application vulnerabilities are considered “high risk” – meaning that they need to be patched as soon as possible. If you need just a few statistics to point to the importance of keeping your software updated at all times, let it be these.
At this point, new vulnerabilities in commonly used programs are being discovered on a daily basis – creating something of a race between software developers and hackers to see whether those issues can be fixed faster than they can be taken advantage of. In early July 2021, a particularly devastating one was discovered. The appropriately named “Print Nightmare” vulnerability impacts the Windows print queue, and it was discovered in one of the most widely used operating systems on the planet – Windows 7.
The Print Nightmare Vulnerability: Breaking Things Down
As stated, the “Print Nightmare” vulnerability impacts the Windows 7 operating system – which, to be fair, is no longer being supported by Microsoft. At TSI, we’ve long recommended that our clients update to a newer operating system that is being supported to avoid exactly this type of issue.
Having said that, the vulnerability itself is nothing new – indeed, it has existed for several years but has only hit the news recently as rogue actors have figured out how to capitalize on it. It was first discovered by the United States Cybersecurity and Infrastructure Security Agency, which indicated that it was a “critical threat” to all devices running Windows 7 or higher.
This is because the print queue in the Windows operating system doesn’t restrict access to the RpcAddPrinterDriverEx function, which is what attackers are using to execute malicious code on a target device.
To its credit, Microsoft released a patch almost immediately, aimed at addressing this threat as thoroughly as possible. However, experts agree that the patch quickly proved to be incomplete – meaning that it failed to address all of the potential issues that are now being associated with the “Print Nightmare” bug.
While the patch doesn’t totally eliminate the vulnerability, it does offer a certain amount of protection from “Print Nightmare” – truly, this is one of those situations where downloading the patch is better than doing nothing at all. At TSI, we recently pushed out the patch to all of our users in advance of a more complete fix that will be applied as soon as it is received from the people at Microsoft.
At TSI, we want all of our clients to know that this patch is of critical importance – but it won’t come without a certain level of inconvenience. More specifically, once it is applied it will cause downtime for all Zebra printers – that is, until a more permanent fix is provided by the team at Microsoft.
All told, we want TSI clients to know that they should keep their machines online overnight – and they should reboot them in the morning – to make sure that the patch itself takes effect. This patch depends on a full system reboot to work, but don’t worry – TSI will reboot your machines during your pre-scheduled “patch and maintenance” window to avoid as much disruption as possible. Still, please make preparations to ensure that this outage has minimal impact on your organization.
Any machines that are not being maintained by TSI may not receive the patch at all, so you need to be proactive about making sure those devices are updated manually moving forward.
Get in Touch with TSI
If you have any questions or concerns about patching your system against the PrintNightmare bug, please give us a call at 508-543-6979 or send us a message. The TSI team is here to assist you with protecting your business, employees, and customers.
