Microsoft claims its “PrintNightmare” fix is working but acknowledges issues with select printers

Laurent Giret

Microsoft’s fix for the Windows Print Spooler vulnerability dubbed “PrintNightmare” continues to be under scrutiny after several security researchers claimed that the patch didn’t fully protect users. After investigating these claims, the Microsoft Security Response Center team published a reassuring blog post yesterday explaining that the emergency fixes released earlier this week are working as intended.

“Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration,” the MRSC team explained.

One of the Windows security experts that indeed put the effectiveness of Microsoft PrintNightmare fixes into question showed a remote code execution (RCE) and local privilege escalation (LPE) exploit on a patched Windows Server 2019 with the Point and Print technology enabled. However, the MRSC team emphasized yesterday that its fix is effective when the default registry settings for its Point and Print technology are unchanged. Microsoft has more on the registry settings requirements if you’re having issues.

“If our investigation identifies additional issues, we will take action as needed to help protect customers,” the MRSC team said yesterday. In the meantime, Microsoft has also acknowledged that after installing its emergency KB5004945 patch released on July 6, some users may encounter printing issues on certain printers from Zebra and other brands. According to a statement shared with The Verge, Zebra said that Microsoft is planning to release another update to fix this issue in the coming days.

We are aware of a printing issue caused by the July 6 Windows “KB5004945“ update affecting multiple brands of printers. Microsoft has investigated this issue and plans to release an update addressing the issue within the next 1–2 business days. An immediate way to address the issue is to uninstall the Windows “KB5004945“ update or uninstall the affected printer driver and reinstall using Administrative credentials. Long term, we encourage the use of the newer Windows update Microsoft is planning to release. Customers who need assistance regarding Zebra printers may contact our Technical Support Team.

With the July monthly security updates for Windows coming next week on “Patch Tuesday,” we hope that a fix for these printing issues will be ready by then. It’s time for the company to end this PrintNightmare saga once and for all, especially since the remote code execution vulnerability is affecting all versions of Windows is already being exploited in the wild.