  • Microsoft releases mandatory Windows updates to fix PrintNightmare exploit [Update]


    Karlston


    Earlier last week, Microsoft acknowledged that it was investigating a critical vulnerability in Windows 10 that, when exploited, could let attackers run arbitrary code on the victim’s system. The vulnerability, tracked under CVE-2021-34527, is present in the Windows Print Spooler service and is termed "PrintNightmare"; it can allow for remote code execution (RCE). As the vulnerability was still being investigated, the Redmond firm listed two possible workarounds to mitigate the risks caused by the bug.

     

    Today, the firm has provided an update in the Microsoft Security Response Center (MSRC) listing for the vulnerability noting that it is rolling out a patch for the latest Windows 10 versions to address the issue. The update, KB5004945, is currently rolling out to the three most recent Windows 10 versions, 2004, 20H2, and 21H1, bumping them to Windows 10 builds 19041.1083, 19042.1083, and 19043.1083, respectively. Since these versions are based on the same codebase, the updates are identical for all the versions. The changelog and documentation for the update are yet to go live.

    A Windows Update screen showing a cumulative update that is waiting to be installed

    Considering that these are security updates to fix a critical vulnerability, they are mandatory updates and are downloaded automatically through Windows Update. Users can also manually download the patch from the Update Catalog. Future patches, such as the upcoming Patch Tuesday updates, will contain these fixes.

     

    There is no word from the firm on how the vulnerability affects older versions of the OS, though it notes that it has completed the investigation of the issue. The updates today are only rolling out to the three most recent and fully supported Windows 10 versions. It will not be surprising to see a patch made available soon for older versions that are still supported for Enterprise and Education customers, as the firm notes that supported Windows versions that do not receive an update today will get one "shortly after July 6".

     

    For those unaware, the PrintNightmare vulnerability is caused by the Print Spooler service not restricting access to a function that is used to install printer drivers remotely. An attacker that gains unrestricted access can execute arbitrary code with SYSTEM privileges, examples of which are already available on the web. Considering the severity of the vulnerability, it is best for all users to update to the latest build as soon as possible.

     

    Update: The patches are available for most supported Windows 10, Windows 8.1, and Windows 7 (ESU users). You can either update via Windows Update, or head to the MSRC document to find links to the requisite Update Catalog pages. The company has also provided the KB article links, but as is the case these days, those pages are yet to be updated. Windows 10 version 1607, Windows Server 2012, and Windows Server 2016 are yet to receive updates.

     

    Here is the complete list of links posted by the firm:

     

    | Product | Severity | Article | Download |
    |---|---|---|---|
    | Windows Server 2012 R2 (Server Core installation) | Critical | 5004954 | Monthly Rollup |
    | Windows Server 2012 R2 (Server Core installation) | Critical | 5004958 | Security Only |
    | Windows Server 2012 R2 | Critical | 5004954 | Monthly Rollup |
    | Windows Server 2012 R2 | Critical | 5004958 | Security Only |
    | Windows Server 2012 (Server Core installation) | Critical | | |
    | Windows Server 2012 | Critical | | |
    | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Critical | 5004953 | Monthly Rollup |
    | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Critical | 5004951 | Security Only |
    | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Critical | 5004953 | Monthly Rollup |
    | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Critical | 5004951 | Security Only |
    | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Critical | 5004955 | Monthly Rollup |
    | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Critical | 5004959 | Security Only |
    | Windows Server 2008 for x64-based Systems Service Pack 2 | Critical | 5004955 | Monthly Rollup |
    | Windows Server 2008 for x64-based Systems Service Pack 2 | Critical | 5004959 | Security Only |
    | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Critical | 5004955 | Monthly Rollup |
    | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Critical | 5004959 | Security Only |
    | Windows Server 2008 for 32-bit Systems Service Pack 2 | Critical | 5004955 | Monthly Rollup |
    | Windows Server 2008 for 32-bit Systems Service Pack 2 | Critical | 5004959 | Security Only |
    | Windows 8.1 for x64-based systems | Critical | 5004954 | Monthly Rollup |
    | Windows 8.1 for x64-based systems | Critical | 5004958 | Security Only |
    | Windows 8.1 for 32-bit systems | Critical | 5004954 | Monthly Rollup |
    | Windows 8.1 for 32-bit systems | Critical | 5004958 | Security Only |
    | Windows 7 for x64-based Systems Service Pack 1 | Critical | 5004953 | Monthly Rollup |
    | Windows 7 for x64-based Systems Service Pack 1 | Critical | 5004951 | Security Only |
    | Windows 7 for 32-bit Systems Service Pack 1 | Critical | 5004953 | Monthly Rollup |
    | Windows 7 for 32-bit Systems Service Pack 1 | Critical | 5004951 | Security Only |
    | Windows Server 2016 (Server Core installation) | Critical | | |
    | Windows Server 2016 | Critical | | |
    | Windows 10 Version 1607 for x64-based Systems | Critical | | |
    | Windows 10 Version 1607 for 32-bit Systems | Critical | | |
    | Windows 10 for x64-based Systems | Critical | 5004950 | Security Update |
    | Windows 10 for 32-bit Systems | Critical | 5004950 | Security Update |
    | Windows Server, version 20H2 (Server Core Installation) | Critical | 5004945 | Security Update |
    | Windows 10 Version 20H2 for ARM64-based Systems | Critical | 5004945 | Security Update |
    | Windows 10 Version 20H2 for 32-bit Systems | Critical | 5004945 | Security Update |
    | Windows 10 Version 20H2 for x64-based Systems | Critical | 5004945 | Security Update |
    | Windows Server, version 2004 (Server Core installation) | Critical | 5004945 | Security Update |
    | Windows 10 Version 2004 for x64-based Systems | Critical | 5004945 | Security Update |
    | Windows 10 Version 2004 for ARM64-based Systems | Critical | 5004945 | Security Update |
    | Windows 10 Version 2004 for 32-bit Systems | Critical | 5004945 | Security Update |
    | Windows 10 Version 21H1 for 32-bit Systems | Critical | 5004945 | Security Update |
    | Windows 10 Version 21H1 for ARM64-based Systems | Critical | 5004945 | Security Update |
    | Windows 10 Version 21H1 for x64-based Systems | Critical | 5004945 | Security Update |
    | Windows 10 Version 1909 for ARM64-based Systems | Critical | 5004946 | Security Update |
    | Windows 10 Version 1909 for x64-based Systems | Critical | 5004946 | Security Update |
    | Windows 10 Version 1909 for 32-bit Systems | Critical | 5004946 | Security Update |
    | Windows Server 2019 (Server Core installation) | Critical | 5004947 | Security Update |
    | Windows Server 2019 | Critical | 5004947 | Security Update |
    | Windows 10 Version 1809 for ARM64-based Systems | Critical | 5004947 | Security Update |
    | Windows 10 Version 1809 for x64-based Systems | Critical | 5004947 | Security Update |
    | Windows 10 Version 1809 for 32-bit Systems | Critical | 5004947 | Security Update |

     

    Update 2: The KB articles are now live for those interested in reading through the changelog. For Windows 10, the changelog is mostly similar across versions. Here is how the firm details the update:

    Addresses a remote code execution exploit in the Windows Print Spooler service, known as “PrintNightmare”, as documented in CVE-2021-34527. After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system’s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the RestrictDriverInstallationToAdministrators registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.
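
An added example, not code from the article or from Microsoft: a Python triage of a host inventory against the fixed builds named above (19041, 19042 and 19043 at revision 1083, KB5004945), listing unpatched hosts first with print servers leading, as the changelog recommends. The inventory, the host names and the `Host` fields are constructed, and reading a `RestrictDriverInstallationToAdministrators` value of 1 as "restricted" is an assumption taken from KB5005010, not from this page.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Build number -> first revision that carries KB5004945 (values from the article).
FIXED_REVISION = {19041: 1083, 19042: 1083, 19043: 1083}

@dataclass
class Host:                       # hypothetical inventory record
    name: str
    os_build: str                 # "build.revision", e.g. "19042.1052"
    print_server: bool            # hosts the print server role
    restrict_to_admins: Optional[int] = None  # registry value; None = not set

def patch_state(os_build: str) -> str:
    """Classify a build string as 'patched', 'missing' or 'unknown'."""
    try:
        build, revision = (int(part) for part in os_build.strip().split("."))
    except ValueError:            # malformed, or not exactly two fields
        return "unknown"
    minimum = FIXED_REVISION.get(build)
    if minimum is None:           # version served by a different KB, or none yet
        return "unknown"
    # Later cumulative updates include the fix, so compare with >=.
    return "patched" if revision >= minimum else "missing"

def triage(hosts: List[Host]) -> List[Tuple[str, str, str]]:
    """Return (name, state, action) rows: unpatched first, print servers leading."""
    rank = {"missing": 0, "unknown": 1, "patched": 2}
    rows = []
    for h in hosts:
        state = patch_state(h.os_build)
        if state == "missing":
            action = "install KB5004945"
        elif state == "unknown":
            action = "check the table for this version's KB"
        elif h.restrict_to_admins != 1:   # assumption: 1 = restricted (KB5005010)
            action = "optional: set RestrictDriverInstallationToAdministrators"
        else:
            action = "none"
        rows.append((rank[state], not h.print_server, h.name, state, action))
    return [(name, state, action) for _, _, name, state, action in sorted(rows)]

# Constructed inventory for illustration only.
INVENTORY = [
    Host("wks17", "19043.1083", False),
    Host("ps01", "19042.1052", True),
    Host("wks22", "19041.1110", False, restrict_to_admins=1),
    Host("srv16", "14393.4467", True),
    Host("wks03", "19041.928", False),
]
```

Calling `triage(INVENTORY)` puts `ps01`, the unpatched print server, at the top; `srv16` comes back as `unknown` because its build is not one of the three that KB5004945 covers.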

     
