CVE-2021-34527 - PrintNightmare - Any impact to Citrix Products
Article ID: CTX321070
Updated On:
Description
CVE-2021-34527 - PrintNightmare - Any impact to Citrix printing for Virtual Apps and Desktops client and network printing.
Environment
Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
Resolution
As per Microsoft documentation on this, NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design because it means that there will be no prompt upon driver install.
With this set to 0 (disabled) that means that a prompt is presented to install printers / driver updates:
How is Point and Print technology affected by this particular vulnerability? Point and Print is not directly related to this vulnerability, but the technology weakens the local security posture in such a way that exploitation will be possible.
To disallow Point and Print for non-administrators make sure that warning and elevation prompts are shown for printer installs and updates.
The following registry keys are not present by default. Verify that the keys are not present or change the following registry values to 0 (zero):
• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
• NoWarningNoElevationOnInstall = 0 (DWORD)
• NoWarningNoElevationOnUpdate = 0 (DWORD)
We also recommend explicitly listing specific print servers which should be used by clients. Install the July 6 updates and optionally perform step 2 from: https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7
With this set to 0 (disabled) that means that a prompt is presented to install printers / driver updates:
How is Point and Print technology affected by this particular vulnerability? Point and Print is not directly related to this vulnerability, but the technology weakens the local security posture in such a way that exploitation will be possible.
To disallow Point and Print for non-administrators make sure that warning and elevation prompts are shown for printer installs and updates.
The following registry keys are not present by default. Verify that the keys are not present or change the following registry values to 0 (zero):
• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
• NoWarningNoElevationOnInstall = 0 (DWORD)
• NoWarningNoElevationOnUpdate = 0 (DWORD)
We also recommend explicitly listing specific print servers which should be used by clients. Install the July 6 updates and optionally perform step 2 from: https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7
Was this article helpful?
Yes
No
Powered by
