tis-fix-printnightmare
3.1-9
Fix Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527), also known as PrintNightmare
Description
- package : tis-fix-printnightmare
- name : Fix PrintNightmare
- version : 3.1-9
- categories : Security,System and network
- maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ
- installed_size :
- editor :
- licence :
- signature_date : 2023-04-03T16:01:41.004326
- size : 629.32 Mo
- locale : all
- target_os : windows
- impacted_process :
- architecture : x64
control
package : tis-fix-printnightmare
version : 3.1-9
architecture : x64
section : base
priority : optional
name : Fix PrintNightmare
categories : Security,System and network
maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ
description : Fix Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527) also know as PrintNightmare
depends :
conflicts :
maturity : PROD
locale : all
target_os : windows
min_wapt_version : 2.0
sources : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
installed_size :
impacted_process :
description_fr : Correction de la vulnérabilité d'exécution de code à distance du spouleur d'impression de Windows (CVE-2021-34527), également connue sous le nom de PrintNightmare
description_pl : Naprawia lukę w Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527) znaną również jako PrintNightmare
description_de : Behebung der Windows-Druckspooler-Remotecode-Ausführungsschwachstelle (CVE-2021-34527), auch bekannt als PrintNightmare
description_es : Corregir la vulnerabilidad de ejecución remota de código de Windows Print Spooler (CVE-2021-34527) también conocida como PrintNightmare
description_pt : Corrigir a Vulnerabilidade de Execução de Código Remoto do Windows Print Spooler (CVE-2021-34527) também conhecida como PrintNightmare
description_it : Correggere la vulnerabilità di Windows Print Spooler Remote Code Execution (CVE-2021-34527), nota anche come PrintNightmare
description_nl : Fix Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527) ook bekend als PrintNightmare
description_ru : Устранение уязвимости удаленного выполнения кода в Windows Print Spooler (CVE-2021-34527), также известной как PrintNightmare
audit_schedule :
editor :
keywords :
licence :
homepage :
package_uuid : 6f961dac-e2fe-4453-9694-7c63a5413dd2
valid_from :
valid_until :
forced_install_on :
changelog :
min_os_version : 6.0
max_os_version : 6.2
icon_sha256sum : 50ebc8b391d1e8930ff6b89e962c0af3c804cab454c62d13514438f4dd703e60
signer : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature : FgWHkHJOjDm5TF9B79Ezmrkca1ny3/6GHusJkArWtK0hhdkbFWaJi3PLuBTnRKBxx0foZCUASREGKE2K5IwMEewmjbIPy5ZoVGKDSobpQicnATyaxcGLfOj51kvN0k5wH0DKtbv3gdrrz7IzAOSYfANz8s7OYNa/aqIYYFZO+06gQDiz8ptgy6vZ/gIHkhxsAgYTF1q82n37VOX+bfoKkbi41LrBzMkki3B9b1SRW5h0Y3aJya4GmPbgkd4A03DxFZQI2A2X+ukBUNQxKBOr9jXo3nrkUKCR6HxfxF4784U1NMiCtrgvu8Ww9tWlBgJ6hsw28cu0ZMHB1EbJgDbXuQ==
signature_date : 2023-04-03T16:01:41.004326
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
Setup.py
# -*- coding: utf-8 -*-
from setuphelpers import *

"""
Procedures:
https://cyberwatch.fr/actualite/cve-2021-34527-comment-identifier-et-neutraliser-la-vulnerabilite-printnightmare/
Sources:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
https://msrc.microsoft.com/update-guide/fr-fr/vulnerability/CVE-2021-34527
"""

# Usable WAPT package functions: install(), uninstall(), session_setup(), audit(), update_package()
# Declaring global variables - Warnings: 1) WAPT context is only available in package functions; 2) Global variables are not persistent between calls
hard_fix = False  # When True, the Spooler service is also stopped and disabled

# KBs to install, per Windows version and architecture.
# The .msu files are downloaded over plain HTTP by update_package() when the package is built;
# install() runs them from the package directory on the endpoint.
kbs_dict = [
    {
        "win_vers": WindowsVersions.WindowsServer2008R2,
        "arch": "x64",
        "kbs_dl_url_list": [
            "http://download.windowsupdate.com/d/msdownload/update/software/secu/2021/07/windows6.1-kb5004953-x64_62d21485a29cad041230e4c647baeaeacc09ac7c.msu",
            "http://download.windowsupdate.com/c/msdownload/update/software/secu/2021/07/windows6.1-kb5004951-x64_2fcf9eaa66615884884cc1cb9f75fc96294cbf2a.msu",
        ],
    },
    {
        "win_vers": WindowsVersions.WindowsServer2008,
        "arch": "x64",
        "kbs_dl_url_list": [
            "http://download.windowsupdate.com/c/msdownload/update/software/secu/2021/07/windows6.0-kb5004959-x64_7bfadd426a5764d3a2886afbb73f727fae5e0f67.msu",
            "http://download.windowsupdate.com/c/msdownload/update/software/secu/2021/07/windows6.0-kb5004955-x64_b92514eb3350cddd3ce1a2e14c0cf921e3e450d2.msu",
        ],
    },
]

def install():
    # Declaring local variables
    if iswin64():
        arch = "x64"
    else:
        arch = "x86"
    patched = False

    # Installing the package
    if hard_fix:
        run_powershell("Stop-Service -Name Spooler -Force")
        run_powershell("Set-Service -Name Spooler -StartupType Disabled")

    # Point and Print policy: both values must be 0 (or not defined) for the KBs to be effective
    registry_set(HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint", "NoWarningNoElevationOnInstall", 0)
    registry_set(HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint", "UpdatePromptSettings", 0)

    # Installing Windows KBs
    for kbs in kbs_dict:
        for kb_url in kbs["kbs_dl_url_list"]:
            # e.g. windows6.1-kb5004953-x64_....msu -> KB5004953 -> 5004953
            kb_file = kb_url.split("/")[-1]
            kb_name = kb_file.split("-")[1].upper()
            kb_nb = kb_name.replace("KB", "")
            if kbs["arch"] == arch:
                if kbs["win_vers"] == windows_version():
                    with EnsureWUAUServRunning():
                        if not is_kb_installed(kb_nb):
                            print("Installing: {}".format(kb_file))
                            run(
                                'wusa.exe "{}" /quiet /norestart'.format(kb_file),
                                accept_returncodes=[0, 3010, 2359302, -2145124329, 2149842967],
                                timeout=3600,
                            )
                            # Re-check after wusa returns: an accepted return code does not prove the KB is present
                            if not is_kb_installed(kb_nb):
                                print("WARNING: {} installation did not complete".format(kb_name))
                        else:
                            print("{} is already installed".format(kb_name))
                    patched = True

    if not patched:
        print("WARNING: This PC has not been patched with a KB")

def audit():
    return_error = False

    # Detect drift of the Point and Print policy values and put them back to 0
    if (
        registry_readstring(HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint", "NoWarningNoElevationOnInstall")
        != "0"
        or registry_readstring(HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint", "UpdatePromptSettings") != "0"
    ):
        print("ERROR: Registry values have changed")
        WAPT.write_audit_data("fix-printnightmare", "reg-values-has-changed", "yes", keep_days=365)
        print("INFO: Switching registry values to desired ones")
        registry_set(HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint", "NoWarningNoElevationOnInstall", 0)
        registry_set(HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint", "UpdatePromptSettings", 0)
        return_error = True

    # With hard_fix, the Spooler service must stay disabled and stopped
    if hard_fix:
        service_start_mode = get_service_start_mode("Spooler")
        if service_start_mode != "Disabled":
            print("ERROR: Spooler service was not disabled")
            run_powershell("Set-Service -Name Spooler -StartupType Disabled")
            return_error = True
            WAPT.write_audit_data("fix-printnightmare", "spooler-start-mode", service_start_mode, keep_days=365)
        if not run_powershell("Get-Service -Name Spooler | Select-Object -ExpandProperty Status", output_format="text").startswith("Stopped"):
            print("ERROR: Spooler service was running")
            run_powershell("Stop-Service -Name Spooler -Force")
            return_error = True
            WAPT.write_audit_data("fix-printnightmare", "spooler-was-running", "yes", keep_days=365)

    if return_error:
        return "ERROR"
    else:
        return "OK"

def update_package():
    # Declaring local variables
    result = False
    proxies = get_proxies()
    if not proxies:
        proxies = get_proxies_from_wapt_console()
    version = control.get_software_version()

    # Downloading Windows KBs
    for kbs in kbs_dict:
        for kb_url in kbs["kbs_dl_url_list"]:
            kb_file = kb_url.split("/")[-1]
            kb_name = kb_file.split("-")[1].upper()
            kb_nb = kb_name.replace("KB", "")
            if not isfile(kb_file):
                print("Downloading: %s" % kb_file)
                wget(kb_url, kb_file, proxies=proxies)

    # Changing version of the package
    if Version(version) > Version(control.get_software_version()):
        print("Software version updated (from: %s to: %s)" % (control.get_software_version(), Version(version)))
        result = True
    control.version = "%s-%s" % (Version(version), control.version.split("-", 1)[-1])
    # control.set_software_version(Version(version))
    control.save_control_to_wapt()

    # Validating update-package-sources
    return result

def is_kb_installed(hotfixid):
    r"""Check whether the Windows KB is installed

    Returns:
        boolean

    >>> is_kb_installed('3216755')
    True
    >>> is_kb_installed('Kb3216755')
    True
    """
    if not hotfixid.upper().startswith("KB"):
        hotfixid = "KB" + hotfixid
    installed_update = installed_windows_updates()
    if [kb for kb in installed_update if kb["HotFixID"].upper() == hotfixid.upper()]:
        return True
    return False