PrintNightmare, the new critical vulnerability, was revealed last week when security researchers mistakenly published a proof-of-concept exploit code. Microsoft has released security updates to deal with the flaw, labeling it as critical.
The vulnerability allows attackers to remotely execute code with system-level privileges on any machine affected. Due to the Print Spooler service being a default service on Windows, Microsoft had to release patches for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1 as well as all Windows 10 versions. The severity of the issue is highlighted by the fact that Microsoft even had to release a patch for Windows 7 for the issue, even though Windows 7 support has ended.
Microsoft issued a 0-day alert fairly quickly for all Windows versions affected. The PrintNightmare vulnerability allows threat actors to install programs, modify existing data and even create new accounts with admin rights.
Microsoft said that they “recommend that you install these updates immediately,” and that “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”
As of the 7th of June, Microsoft has released an update that affects all versions of Windows still in support. Microsoft has released detailed steps to follow on how to install these updates:
- Windows 10, version 21H1 (KB5004945)
- Windows 10, version 20H2 (KB5004945)
- Windows 10, version 2004 (KB5004945)
- Windows 10, version 1909 (KB5004946)
- Windows 10, version 1809 and Windows Server 2019 (KB5004947)
- Windows 10, version 1607 and Windows Server 2016 (KB5004948)
- Windows 10, version 1507 (KB5004950)
- Windows Server 2012 (Monthly Rollup KB5004956 / Security only KB5004960)
- Windows 8.1 and Windows Server 2012 R2 (Monthly Rollup KB5004954 / Security only KB5004958)
- Windows 7 SP1 and Windows Server 2008 R2 SP1 (Monthly Rollup KB5004953 / Security only KB5004951)
- Windows Server 2008 SP2 (Monthly Rollup KB5004955 / Security only KB5004959)
“Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role,” they announced.