
DA7. OS Security Flaws

Statement

Discuss one major recent operating system security flaw and what steps were taken to remediate the issue.

Answer

  • The security flaw discussed here is the PrintNightmare vulnerability.
  • PrintNightmare is a security flaw affecting the Windows operating system and was assigned the identifier CVE-2021-34481 (Microsoft Security Response Center, 2021).
  • PrintNightmare is a remote code execution vulnerability in the Windows Print Spooler service: an attacker can execute arbitrary code on the target machine with SYSTEM privileges.
  • By default, the Windows Print Spooler service automatically installs a printer driver as soon as a new printer is added to the system. This is a security flaw because an attacker can embed malicious code in the printer driver and have it executed on the target machine (Abrams, 2021).

Steps taken to remediate the issue

  • According to the Microsoft Security Response Center (2021), Microsoft's first response was a set of quick workarounds that prevent exploitation of the vulnerability until a patch is released.
  • The recommended workarounds were:
    • Disable the Print Spooler service.
    • Disable inbound remote printing through Group Policy.
    • Disable additional settings in the registry.
  • A few days later, Microsoft released a patch for the vulnerability, KB5005010, which restricts the installation of new printer drivers to administrators only.
  • Later in the month, Microsoft released a further patch, KB5005652, which disables use of the entire Print Spooler service for non-administrators. This means that users need to raise their privileges before they can install a new printer driver.
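As an added example (not Microsoft's code and not part of the original answer), the following PowerShell script audits a host against the measures listed above: it checks with Get-HotFix whether either of the two patches named here is installed and whether the Print Spooler service has been stopped and disabled, and can optionally apply the first workaround. The -Remediate switch is an assumption of this script, not something the page describes.

```powershell
# Audit a Windows host for the PrintNightmare mitigations discussed above.
# Added example, not Microsoft's own tooling. Run in an elevated session.
[CmdletBinding()]
param(
    [switch]$Remediate   # assumed switch: when set, apply workaround 1 (stop and disable Spooler)
)

# Patches named in the discussion above.
$patches = @('KB5005010', 'KB5005652')

# 1. Is either patch installed?
$installed = @(Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $patches -contains $_.HotFixID } |
    Select-Object -ExpandProperty HotFixID)
$patched = ($installed.Count -gt 0)

# 2. State of the Print Spooler service.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if (-not $spooler) {
    Write-Output 'Print Spooler service not present; nothing to mitigate.'
    return
}
$spoolerOff = ($spooler.Status -eq 'Stopped') -and ($spooler.StartType -eq 'Disabled')

$found = if ($patched) { $installed -join ', ' } else { 'none' }
Write-Output ("Patches found : {0}" -f $found)
Write-Output ("Spooler state : {0} (start type {1})" -f $spooler.Status, $spooler.StartType)

if ($patched) {
    Write-Output 'Host has a PrintNightmare patch installed.'
} elseif ($spoolerOff) {
    Write-Output 'Unpatched, but Spooler is stopped and disabled (workaround applied).'
} else {
    Write-Warning 'Unpatched and Print Spooler is active: host is exposed.'
    if ($Remediate) {
        # Workaround 1 from the list above: stop the service and keep it from restarting.
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
        Write-Output 'Spooler stopped and disabled.'
    }
}
```

Disabling the Spooler also stops local printing, so the script only changes the service when -Remediate is given explicitly.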

Conclusion

  • The PrintNightmare vulnerability was a major security flaw in the Windows operating system, to which Microsoft responded quickly by recommending that everyone stop using the service pending further investigation.
  • Microsoft later released multiple patches to fix the vulnerability and prevent it from being exploited.

References