Microsoft PrintNightmare Hack Gives Any Windows User Admin Privileges to a PC—How to Fix
The Microsoft PrintNightmare security vulnerability has been bringing numerous problems to Windows users. And now, another flaw has been discovered.
As per Bleeping Computer, in June, a security researcher disclosed a vulnerability on Windows that goes by the name PrintNightmare or CVE-2021-34527. Back then, it provided remote code execution, along with the elevation of privileges on the Microsoft operating system.
Even though Microsoft attempted to fix the PrintNightmare security flaw with an updated patch, the patch still failed to stop potential exploitation by hackers.
Researchers quickly figured out a way to bypass the recently rolled out fix, making the update useless.
Microsoft PrintNightmare Hack and Windows Admin Privileges
This time around, PrintNightmare still carries alarming vulnerabilities, according to recent research on it.
To be precise, security researcher Benjamin Delpy, the creator of Mimikatz, found a hack that allows anyone to gain admin privileges on a PC.
Note that Delpy continues to study PrintNightmare and regularly shares bypasses that exploit the remote printer driver.
Microsoft PrintNightmare Hack: How it Works
Delpy was able to gain complete access to a PC by setting up the remote printer server at \\printnightmare[.]gentilkiwi[.]com, a website that allows users to download a hacked version of the driver.
As such, upon installing the hack, a person with an account that only has limited access could instantly get admin privileges that give complete access to a PC. That said, a corporate user can go on to control the PCs of other people.
Note that BleepingComputer tested the hack themselves and found that it works as the security researcher said it does.
Microsoft PrintNightmare Hack: How to Stop
Now that it has been established that the remote printer server definitely allows any user to have admin access, Delpy also gave solutions to prevent such incidents from happening to other folks out there.
To make things easier, CERT outlined the quick fix in their advisory. And to cut to the chase, here is one of them.
One way of combating the exploit involves disabling the Windows print spooler. Note that this method prevents all of the vulnerabilities that PrintNightmare carries.
Start by opening the Command Prompt by pressing the Windows key and the X key on your keyboard simultaneously. Then, upon opening the program, enter these commands, which are PowerShell cmdlets and must be run as an administrator:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
However, applying these commands will disable the remote printing service on your PC.
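The same workaround with a before-and-after check, so you can confirm the service ends up both stopped and disabled. This is an added example, not code from the original article or the CERT advisory; the function names Get-SpoolerState and Disable-Spooler are made up for this illustration.

```powershell
# Added example: apply the Print Spooler workaround and verify the result.
# Get-SpoolerState and Disable-Spooler are hypothetical helper names.

function Get-SpoolerState {
    # Win32_Service exposes the running state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) { throw 'Spooler service not found on this machine.' }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $svc.State        # Running / Stopped
        StartMode = $svc.StartMode    # Auto / Manual / Disabled
        # Stopped alone is not enough: an enabled service can be started again.
        Mitigated = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
    }
}

function Disable-Spooler {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Stop-Service and Set-Service fail without elevation, so check up front.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    $before = Get-SpoolerState
    if ($before.Mitigated) { return $before }   # nothing to change

    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
    Get-SpoolerState   # re-read the state instead of assuming success
}

# Audit only; changes nothing.
Get-SpoolerState

# Preview the change, then apply it (uncomment in an elevated session):
# Disable-Spooler -WhatIf
# Disable-Spooler
```

To bring printing back later, set the startup type to Automatic with Set-Service and start the service with Start-Service.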