If you run Windows 10, UPDATE YOUR COMPUTER RIGHT NOW!!!

[thewayne]

There is a critical security bug that was discovered late yesterday called PrintNightmare in Windows' print spooler. It affects ALL versions of Windows!

Let me repeat that.

EVERY. FREAKING. VERSION. OF. WINDOWS.

Not just Windows 10.

Server.

7.

Vista.

And on down the line.

It allows the remote creation of privileged accounts, so even if you're not running as an admin user, the villains can create an admin account on your system.

If you're running Windows 10, there's a patch, and you should apply it toot sweet. If you're running an older version of Windows, there will be a patch soon, they're working on them. There is a stop-gap measure: disable the Print Spooler. You won't be able to print remotely, but you also won't be able to be compromised.

Read the comments on Krebs' post, since the patch was rushed out, it may be buggy. You might want to just disable the Print Spooler for now until a better patch can be created.

https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/

https://gizmodo.com/printnightmare-windows-users-need-to-install-this-emer-1847243126

Comments

Thanks for the reminder on this!

[dauntless_heart]

I read about it this morning and then forgot. My machine is updating now!

Re: Thanks for the reminder on this!

[thewayne]

I've got to do my gaming laptop tonight, it's been sleeping since last night.  Our IT director hasn't pushed an update for it yet, I sent him a link to it earlier this morning and the same email to the main campus security people.  Crickets from both.  Not my problem!  They get to do cleanup if machines get compromised.

Re: Thanks for the reminder on this!

[bibliofile]

Me too. THanks for the reminder.

[dewline]

Okay, thanks for this. At least one person I know is running an older version of Windows, and while they don't do remote printing at all - that I know of - I think they'll appreciate the heads-up.

[thewayne]

Doesn’t matter if you do remote printing. Print Spooler is enabled on all Windows installations.

[dewline]

Well, we'll still have to wait for the patch for this particular Windows version.

[moonhare]

I started updating this morning... damn, but I hate windows updates. Four of the five computers I worked on finally complied after lagging downloads and installs and multiple restarts, but there was that one that went south. And what a great time to find I didn't have that particular one backed up... one that had multiple customizations and peripherals. This will take most of tomorrow's shift for me to bring back online.


At least I had the main business pc here copied, even if it didn't go down.

[thewayne]

Oh, dear.  Yeah, it always seems to be the most complicated config that barfs on you ,doesn't it?  My personal Windows laptop is only used (currently) for playing Lord of the Rings Online and it backs up all my music files daily to OneDrive and weekly backs up C: to D:, and at intervals I back up C: to an external drive, so I'm not too concerned about it crashing.  Fortunately at the library I'm not responsible for any PCs and can only launch updates on non-student computers and nothing more.  I can, to a limited level, install software on non-student computers, sometimes that's difficult without an admin password.

[moonhare]

First, I noticed DeepFreeze didn’t reinstall properly. And I couldn’t get the computer to respond from the server. DF wouldn’t even open on the pc. I couldn’t get a command box to open until I went to safe mode and a scannow told me multiple errors were repaired… but to no avail. Windows was collapsing on itself! In the end I saved my ‘thawspace’ files and tomorrow will reimage with the dusty 1909 version OSL offers, and proceed from there :D It is more fun than Circ work, at least, and unless the drive somehow got corrupted this will just be a drawn out success.

And I’ll back this (and the other desk computers) up!

[thewayne]

Wow!  That's pretty seriously borked!  As we said in support "Yep, Windows does that sometimes." ;-)

[moonhare]

Postscript- I went in to work early today to download the IA file from OSL (turns out it is 20H2 after all), but when I boot up the misbehaving computer I find it isn’t misbehaving anymore. At all. So I open a command box in regular (not safe) mode, do another scannow (no errors), check and see all updates were successful yesterday, and go ahead and install DeepFreeze. Imagine…

[thewayne]

Heh. Windows does that sometimes. :-)

Wouldn't it be nice if computers behaved rationally.

The sad thing is that the patch that MS issued? It doesn't completely fix things if you're responsible for a Windows domain controller. But apparently it's good enough for stand-alone PCs, so people like us'uns should be fine.

I did three stand-alone public PCs and yesterday I did four laptops that we check out to students. One of them was supposedly fixed by IT for a problem of it not updating A/V, well, it's still not doing that and it's not updating anything at all. The other three eventually updated. I moved into a proper office and have a nice big desk with room that I could work on three laptops at a time! It was very sweet.

So whenever we get a new IT director and staff, I'll open another ticket. The director retires EOM and has no staff at all right now, it's not worth bothering opening a ticket.

[silveradept]

Always so much fun for everyone when a bug appears like this, but thank you for bringing it to our attention. I'll get all the other machines in order and disable their printing ability until I'm sure this one's taken care of.

[thewayne]

I haven't heard of any active exploits, but best to nip it in the bud, eh?