Security News > 2021 > July > Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability
Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability - known as "PrintNightmare" - that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems.
"The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system," the CERT Coordination Center said of the issue.
It's worth noting that PrintNightmare includes both remote code execution and a local privilege escalation vector that can be abused in attacks to run commands with SYSTEM privileges on targeted Windows machines.
"The Microsoft update for CVE-2021-34527 only appears to address the Remote Code Execution variants of the PrintNightmare, and not the Local Privilege Escalation variant," CERT/CC vulnerability analyst Will Dormann said.
Microsoft has even taken the unusual step of issuing the fix for Windows 7, which officially reached the end of support as of January 2020.
The update does not include Windows 10 version 1607, Windows Server 2012, or Windows Server 2016, for which the Redmond-based company stated patches will be released in the forthcoming days.
News URL
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Patching problems: The “return” of a Windows Themes spoofing vulnerability (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Microsoft wants $30 if you want to delay Windows 11 switch (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-02 | CVE-2021-34527 | Improper Privilege Management vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 0.0 |