Security News > 2021 > July > Microsoft Ships Emergency Patch for Critical Windows 'PrintNightmare' Vulnerability

Microsoft late Tuesday pushed out an emergency patch to cover the Windows 'PrintNightmare' security flaw.

The issue caused major headaches in security research circles because the exploit targets CVE-2021-1675, a vulnerability that was patched by Microsoft on June 8 and originally misdiagnosed as a low-risk privilege escalation issue.

Microsoft updated its bulletin on June 21 to confirm remote code execution vectors but when the Black Hat conference announced the acceptance of a presentation on the details of the vulnerability, proof-of-concept code and a full technical write-up was published showing a path to remote code execution.

"A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

The U.S. government's CISA cybersecurity agency is encouraging Windows fleet admins to disable the Windows Print spooler service in Domain Controllers and systems that do not print.

Print Spooler, which is turned on by default on Microsoft Windows, is an executable file that's responsible for managing all print jobs getting sent to the computer printer or print server.

News URL

http://feedproxy.google.com/~r/securityweek/~3/0RuPj7wvdTc/microsoft-ships-emergency-patch-critical-windows-printnightmare-vulnerability