Microsoft has released an out-of-band security update for the Windows Print Spooler vulnerability, known as PrintNightmare, that was uncovered last week.
The vulnerability (CVE-2021-34527) affects the Windows Print Spooler service and allows remote code execution, potentially letting an attacker take over the system. The emergency security update fixes this critical vulnerability. It is a cumulative release and also contains previous security fixes.
The vulnerability was discovered after a group of researchers from Sangfor, a Chinese software company, accidentally published a proof-of-concept exploit on GitHub on June 29. Although the test code was removed from GitHub within a few hours, it was assumed that the code would allow cybercriminals to exploit the Print Spooler vulnerability and execute code with system-level privileges remotely.
Once the attacker has control over a vulnerable machine, they could install programs, modify data and create new accounts.
Microsoft identified the vulnerability and issued an alert about the 0-day on June 2. The security patch started rolling out on June 6.
Microsoft recommends installing the update immediately. The update also includes a new feature that allows people to “implement stronger protections” by restricting the installation of new printer drivers.
The security update will not be available to all Windows versions. The patch for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 isn’t ready yet.
For those stuck without a security patch for the time being, here is a workaround to mitigate the vulnerability.
The options mainly revolve around disabling the Windows Print Spooler service or disabling inbound remote printing through the Group Policy Editor to remove the remote attack vector. In this case, your system will not function as a print server, but you’ll still be able to print locally from a device attached to your PC.
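The two workarounds described above, as an added PowerShell example that is not from the original article or from Microsoft's advisory. The function names are hypothetical, and the registry value shown is the one that backs the Group Policy setting "Allow Print Spooler to accept client connections", which the article does not spell out.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and apply the two Print Spooler workarounds.
# Assumption: this registry value backs the Group Policy setting
# "Allow Print Spooler to accept client connections" (1 = accept, 2 = refuse).
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    $svc    = Get-Service -Name Spooler
    $cim    = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $policy = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName `
                   -ErrorAction SilentlyContinue).$PolicyName
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Status       = $svc.Status
        StartMode    = $cim.StartMode
        RemotePolicy = if ($null -eq $policy) { 'NotConfigured' }
                       elseif ($policy -eq 2) { 'Disabled' } else { 'Enabled' }
        # True only when one of the two workarounds is actually in place.
        WorkaroundApplied = ($svc.Status -ne 'Running') -or ($policy -eq 2)
    }
}

function Set-SpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('DisableService', 'DisableRemotePrinting')]
        [string]$Option
    )
    if ($Option -eq 'DisableService') {
        # Option 1: no printing at all, local or remote.
        if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
            Stop-Service -Name Spooler -Force
            Set-Service  -Name Spooler -StartupType Disabled
        }
    } elseif ($PSCmdlet.ShouldProcess($PolicyKey, "Set $PolicyName = 2")) {
        # Option 2: local printing still works; host stops acting as a print server.
        # Create the key only if missing, so existing printer policies are kept.
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        New-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 `
            -PropertyType DWord -Force | Out-Null
        Restart-Service -Name Spooler -Force   # setting takes effect on service restart
    }
    Get-SpoolerExposure
}

# Dry run first:  Set-SpoolerWorkaround -Option DisableRemotePrinting -WhatIf
```

On domain-joined machines a domain Group Policy Object can overwrite the locally written value at the next policy refresh, so re-run `Get-SpoolerExposure` afterwards to confirm the setting held.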
“Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.” (MSRC)