Security News

Microsoft released a pre-patch advisory to confirm the severe new vulnerability after researchers published video of demo exploits on Twitter showing that Redmond's latest PrintNightmare update was again problematic. To make matters worse, anti-malware vendor CrowdStrike is warning that ransomware actors are already targeting one of the Windows PrintNightmare vulnerabilities to launch data-encrypting extortion attacks in South Korea.

The fix means that only administrators will be able to install print drivers on Windows PCs. Microsoft has finally patched the last in a series of security vulnerabilities in its Windows Print Spooler service that could have allowed attackers to remotely control an affected system and install malicious programs or create new accounts. On Tuesday, the company pushed out its August Patch Tuesday lineup, which included a fix for the Print Spooler Remote Code Execution Vulnerability to address this specific issue.

One day after dropping its scheduled August Patch Tuesday update, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution vulnerability in the Windows Print Spooler. On Thursday, CERT/CC issued more details on the issue, explaining that it arises from an oversight in signature requirements around the "Point and Print" capability, which allows users without administrative privileges to install printer drivers that execute with SYSTEM privileges via the Print Spooler service.

A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. Tracked as CVE-2021-36958, the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the printer service and come to light in recent months.

A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," the company said in its out-of-band bulletin, echoing the vulnerability details for CVE-2021-34481.

Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer. This vulnerability is part of a class of bugs known as 'PrintNightmare,' which abuses configuration settings for the Windows print spooler, print drivers, and the Windows Point and Print feature.

Microsoft appears intent on turning the print spooler remote code execution vulnerability known as "PrintNightmare" into an AdminNightmare, judging by its latest mitigation, which requires administrator privileges for Point and Print driver installation and update. As a reminder, PrintNightmare began life as an accidentally disclosed zero-day at the end of June and permitted an attacker to run arbitrary code on Windows with SYSTEM privileges.

Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. Chief among the patched issues is CVE-2021-36948, an elevation of privilege flaw affecting Windows Update Medic Service - a service that enables remediation and protection of Windows Update components - which could be abused to run malicious programs with escalated permissions.

Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. Chief among the patched issues is CVE-2021-36948, an elevation of privilege flaw affecting Windows Update Medic Service - a service that enables remediation and protection of Windows Update components - which could be abused to run malicious programs with escalated permissions.

Microsoft has revived the Remote Desktop Connection Manager app that was deprecated last year due to an important severity information disclosure bug the company decided not to fix. After discontinuing the app, Microsoft advised customers to switch to Windows built-in Remote Desktop Connection or the universal Remote Desktop client.