Security News > 2021 > June > PrintNightmare, the zero-day hole in Windows – here’s what to do
For details about the emergency patch released by Microsoft on 2021-07-06,please see: PrintNightmare official patch is out - update now!
You'll also hear and see the flaw referred to as the Print Spooler bug, based on the headline on Microsoft's security update guide that describes the flaw as a Windows Print Spooler Vulnerability.
The bug was initially documented by Microsoft as opening up an EoP hole in pretty much every supported Windows version, all the way from Windows 7 SP1 to Server 2019.
On 21 June 2021, Microsoft upgraded the CVE-2021-1675 security update page to admit that the bug could be used for RCE as well, making it a more serious vulnerability than an EoP-only hole.
It's a Windows Print Spooler Remote Code Execution Vulnerability, just like CVE-2021-1675, but it's not prevented by the latest Patch Tuesday update.
Microsoft released an emergency patch on 2021-07-06,described here: PrintNightmare official patch is out - update now!
News URL
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-08 | CVE-2021-1675 | Unspecified vulnerability in Microsoft products Windows Print Spooler Remote Code Execution Vulnerability | 0.0 |