Skip to main content
  1. Home
  2. Computing
  3. News

This crucial Windows update finally fixes the PrintNightmare vulnerability

By
Add as a preferred source on Google

Microsoft has issued a new security patch for the issues surrounding the PrintNightmare vulnerability in Windows. This time around, Microsoft is changing the default Point and Print driver installation and update behavior to require administrator privileges.

According to Microsoft, this latest change comes because the company believed the default behavior of Point and Print did not provide its customers with “the level of security required to protect against potential attacks.” This basically addresses the issue from early August where a cybersecurity researcher managed to exploit the Windows Print Spooler and gain administrative privileges in Windows by using a custom print server.

A printer sitting on a desk next to coins.
Image used with permission by copyright holder

The change will take effect with the latest security updates released for all versions of Windows as part of what’s known as “Patch Tuesday.” On Windows 10 version 21H1 (The May 2021 Update,) and the two more recent versions of Windows 10, you can head to Windows settings, click Update and Security, followed by Check for Updates. You can then look for KB5005033 in the list to apply the patch (and then this change) to your machine. Your PC will restart as part of the process.

Recommended Videos

“The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service,” said Microsoft.

After installing this patch, the ability for non-elevated users to add or update printers might be impacted. Microsoft says that the security risks of PrintNightmare justify this change. If you still want non-elevated users to add or update printers to add or update printers, you can do so with a registry key. This, however, is not recommended as it will expose your PC to publicly known vulnerabilities in the Windows Print Spooler service.

PrintNightmare has been a tricky issue for Microsoft to fix. Since the vulnerabilities in the Windows Print Spooler service were first discovered back in July, Microsoft issued one big patch which it said addressed the issue. Security Researchers then dug deeper into the patch and exposed two other flaws beyond what Microsoft had already fixed.

To ensure that you’re protected against PrintNightmare, Microsoft urges you to update your PC as soon as possible. If you have automatic updates turned on, you’re automatically protected and won’t have any issues.

Arif Bacchus
Arif Bacchus
Former Computing Writer
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Topics
The Mac Pro is dead at Apple, and I’ll miss the cheese-grater powerhouse
RIP Mac Pro. The Mac Studio is taking the throne, and we're okay with that.
Electronics, Computer, Pc

Apple has officially discontinued the Mac Pro. It’s been removed from Apple’s website, and Apple has confirmed to 9to5Mac that there are no plans to release a future version. The buy page now redirects to Apple’s Mac homepage, where the Mac Pro no longer exists.

Why did Apple kill the Mac Pro?

Read more
March Madness, Revisited: The AI Model Did Well. But Mad Things Still Happen
Stills from NCAA games.

(NOTE: This article is part of an ongoing series documenting an experiment with using AI to fill the NCAA brackets and see how it fares against years of human experience. The original article is as follows.)

A week ago, I wrote about entering an NCAA tournament pool with a more disciplined process than I usually use.

Read more
A simple coding mistake is exposing API keys across thousands of websites
Security gaps that are easier to miss than you think
Computer, Electronics, Laptop

After analyzing 10 million webpages, researchers have found thousands of websites accidentally exposing sensitive API credentials, including keys linked to major services like Amazon Web Services, Stripe, and OpenAI.

This is a serious issue because APIs act as the backbone of the apps we use today. They allow websites to connect to services like payments, cloud storage, and AI tools, but they rely on digital keys to stay secure. Once exposed, API keys can allow anyone to interact with those services with malicious intent.

Read more