Security News

Just days after shipping an emergency Windows update to cover a dangerous code execution flaw in the Print Spooler service, Microsoft is investigating a new set of claims that its so-called 'PrintNightmare' patch has not properly fixed the underlying vulnerability. The company followed up with a blog post late Thursday insisting the emergency patch is "Working as designed" and "Effective against the known print spooling exploits."

Updates are available for Windows 7 and Server 2008/2008 R2 if you have an Extended Security Update subscription. Windows 10 21H1, released on May 18, now bundles the servicing stack updates and the latest cumulative updates into a single package.

Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code on infected systems. "Several days ago, two security vulnerabilities were found in Microsoft Windows' existing printing mechanism," Yaniv Balmas, head of cyber research at Check Point, told The Hacker News.

Google on Wednesday announced the availability of the July 2021 security updates for the Android operating system, which include patches for over 40 vulnerabilities. Seventeen of the vulnerabilities were addressed with the 2021-07-01 security patch level.

One of the vulnerabilities in Kaseya's IT management software VSA that was exploited by miscreants to infect up to 1,500 businesses with ransomware was reported to the vendor in April - and the patch just wasn't ready in time. Kaseya pulled the plug on its software-as-a-service offering of VSA, and urged all of its customers to switch off their VSA servers to avoid being hit by the ransomware.

Here's the good news: Microsoft has released an emergency patch for the infamous PrintNightmare bug that was revealed in the Windows Print Spooler just over a week ago. In Windows update parlance, OOB refers to patches that are deemed so important that they can't wait until the next official Patch Tuesday, which is always the second Tuesday in each calendar month.

So a RCE with #printnightmare on a fully patched server, with Point & Print enabled. Mimikatz creator Benjamin Delpy, who is also responsible for the R&D Security Center at the Banque de France, shared a screenshot of a reverse-engineered Windows DLL with The Register and explained that the problem was down to how Microsoft was checking for remote libraries in its patch for PrintNightmare aka CVE-2021-34527.

Researchers have bypassed Microsoft's emergency patch for the PrintNightmare vulnerability to achieve remote code execution and local privilege escalation with the official fix installed. "If you're using 0patch against PrintNightmare, DO NOT apply the July 6 Windows Update! Not only does it not fix the local attack vector but it also doesn't fix the remote vector. However, it changes localspl.dll, which makes our patches that DO fix the problem stop applying," tweeted the 0patch service.

Microsoft on Tuesday issued an emergency software update to quash a security bug that's been dubbed "PrintNightmare," a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft's normal monthly Patch Tuesday release, and follows the publishing of exploit code showing would-be attackers how to leverage the flaw to break into Windows computers.

Fixing a serious security hole in the Windows Print Spooler service, the patch is available for almost all versions of Windows, even Windows 7. Microsoft has deployed a patch for a vulnerability so critical that even older, unsupported versions of Windows are receiving it.