PrintNightmare (CVE-2021-34527) Compatibility

Overview

In June 2021, a critical Windows security vulnerability known as PrintNightmare (CVE-2021-34527) sent IT teams scrambling to protect their print infrastructure. This vulnerability in the Windows Print Spooler service allowed remote code execution, which meant attackers could potentially take control of affected systems.

If you're running ScrewDrivers, you might be wondering how the PrintNightmare patches and workarounds affect your printing environment. The good news is that ScrewDrivers is compatible with Microsoft's security fixes, though some alternative workarounds require specific configuration adjustments.

Recommended Solution: Microsoft Updates

On July 6, 2021, Microsoft released emergency patches to address the PrintNightmare vulnerability. After testing at Tricerat, we've confirmed that ScrewDrivers works properly with these Microsoft updates. You can safely apply these patches to your desktops and servers without breaking ScrewDrivers functionality.

That said, we strongly recommend testing these updates in your specific environment before deploying them broadly. Every environment's unique, and it's always best to verify functionality with your particular configuration before rolling out security patches across your entire infrastructure.

Alternative Workaround: Spool Folder Permissions

Before Microsoft's patches were available, security researchers at TrueSec discovered a workaround that involved denying SYSTEM access to the Windows spool folder. While this workaround did mitigate the vulnerability, it also breaks ScrewDrivers printing on VDI systems, terminal servers, and print servers.

If you've already implemented this workaround and need to restore ScrewDrivers functionality, you'll need to grant SYSTEM full control permissions to the specific ScrewDrivers driver files. Here's what you need to do:

For ScrewDrivers v7

Grant SYSTEM full control permissions to these files:

C:\Windows\System32\spool\drivers\x64\3\ScrewDriversDrv.dll
C:\Windows\System32\spool\drivers\x64\3\ScrewDriversUI.dll

For ScrewDrivers v6

Grant SYSTEM full control permissions to these files:

C:\Windows\System32\spool\drivers\x64\3\sd6drv.dll
C:\Windows\System32\spool\drivers\x64\3\sd6ui.dll

This approach lets you keep the spool folder workaround in place while allowing ScrewDrivers to function normally.

Not Recommended: Disabling the Print Spooler

Microsoft's initial guidance suggested disabling the Print Spooler service entirely as a temporary mitigation. While this does eliminate the vulnerability, it also completely disables all printing functionality—not just for ScrewDrivers, but for any printing solution. If the Print Spooler service is disabled on your session desktops, print servers, or remote desktop clients, printing simply won't work.

We don't recommend this approach unless you've got a specific scenario where printing isn't needed and you can't apply Microsoft's patches. In most cases, applying the official Microsoft updates is the better path forward.

Additional Resources

• https://www.reddit.com/r/msp/comments/ob6y02/critical_vulnerability_printnightmare_exposes

• https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare

• Page: