Microsoft today released a security update that changes the default behavior of the "Point and Print" feature to fix a serious security vulnerability that was revealed last month.
The Point and Print feature was first added to the Windows 2000, and works by contacting a print server to download and install the necessary print drivers whenever a user establishes a connection to a remote printer without the drivers.
Earlier this year, Jacob Baines, a reverse engineer at Dark Wolf Solutions, found that the maliciousι χρήστες μέσα στο δίκτυο μιας companys could abuse Point and Print functionality to run a malicious print server and force Windows systems to download and install malicious drivers.
Since Point and Print operated with SYSTEM privileges, the function gave malicious users (very easily) the right to gain administrator privileges on any large corporate or government network.
Microsoft initially tried to fix the issue that it documented as CVE-2021-34481 last month, but the updates were incomplete.
Today, the company took a different approach. Because the security loophole exploits a design flaw, Microsoft has chosen to change the default behavior of Point and Print.
While to date, any user could add a new printer to a Windows computer, Microsoft says that after Patch Tuesday, only administrators will be able to add or update a printer with drivers from a remote print server.
"This change will take effect with the installation of security updates released on August 10, 2021, for all supported versions of Windows," Microsoft said today.
"This change may affect Windows print clients in scenarios where unprivileged users could add or update the printers. However, we strongly believe that the security risk justifies this change," the company continues.
For companies and users who do not want to block printer installations within their networks, Microsoft a registry key was also released allowing the old behavior.
However, Microsoft warns of the dangers:
Disabling this update will expose your environment to publicly known vulnerabilities in Windows Print Spooler, and we encourage administrators to assess their security needs before taking on this responsibility.
