0patch has released free microfixes against PrintNightmare vulnerability such as Digi.no discussed last week. The recommendation then was to turn off the Windows Print Spooler service, which, among other things, caused you to no longer be able to print until you turned it on again.
Before the weekend, 0patch came out with a number of microfixes for the Windows versions that are vulnerable to PrintNightmare. These will remain free and available from them until Microsoft comes up with its own fix.
How it works
The microfixes work by removing the possibility that the APD_INSTALL_WARNED_DRIVER flag in dwFileCopyFlags in the AddPrinterDriverEx function can bypass an access check. It was this that made the attack in the exploitation of the vulnerability work.
The fix will remove the “install warned drivers” feature – which 0patch believes is little used and worth removing to prevent an attacker from running arbitrary code.
![]()
–
More serious than expected
In an update on Monday 5 July, 0patch also writes that security researcher cube0x0 has found another attack vector that greatly increases the scope of machines that are vulnerable. This attack vector also causes non-domain controllers and standard Windows 10 installations to become vulnerable. This significantly increases the extent of the vulnerability.
0patch further says that the fixes they have released will work even with this new attack vector.
Diverse possibilities
Along with this fix, there are now several ways to protect yourself from the PrintNightmare attack. 0patch itself claims that, among other things, Microsoft’s proposal to turn off the “Print Spooler” service, and other proposals related to imposing special rights on users or folders, will have unforeseen consequences in a production environment.
0patch also recommends installing Microsoft Fix when it eventually arrives.
![]()
–
– .
