Security News > 2021 > July > Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability
Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability - known as "PrintNightmare" - that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems.
"The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system," the CERT Coordination Center said of the issue.
It's worth noting that PrintNightmare includes both remote code execution and a local privilege escalation vector that can be abused in attacks to run commands with SYSTEM privileges on targeted Windows machines.
"The Microsoft update for CVE-2021-34527 only appears to address the Remote Code Execution variants of the PrintNightmare, and not the Local Privilege Escalation variant," CERT/CC vulnerability analyst Will Dormann said.
Microsoft has even taken the unusual step of issuing the fix for Windows 7, which officially reached the end of support as of January 2020.
The update does not include Windows 10 version 1607, Windows Server 2012, or Windows Server 2016, for which the Redmond-based company stated patches will be released in the forthcoming days.
News URL
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) (source)
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks (source)
- Microsoft ends development of Windows Server Update Services (WSUS) (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Patch now: Critical Nvidia bug allows container escape, complete host takeover (source)
- Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-02 | CVE-2021-34527 | Improper Privilege Management vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 8.8 |