Microsoft Issues Urgent Security Updates for PrintNightmare-Suggests Immediately update

431

July 8, 2021

Microsoft has issued an urgent advisory notice urging Windows users to immediately install an update to fix a serious vulnerability in the operating system.

The security flaw, known as PrintNightmare, affects the Windows Print Spooler service. Attackers who can remotely execute the code can gain system-level privileges, including the ability to install software, modify or delete data and create administrative accounts that effectively give them full control of the computer or even a domain controller.

The vulnerability was revealed last week after Researchers at cybersecurity company Sangfor accidentally published a how-to guide for exploiting the Windows Print Spooler service.

The researchers tweeted in late May that they had found vulnerabilities in Print Spooler, which allows multiple users to access a printer. They published a proof-of-concept online by mistake and subsequently deleted it.

We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait our Blackhat talk. https://t.co/heHeiTCsbQ
— zhiniang peng (@edwardzpeng) June 29, 2021

Sangfor later deleted the instructions, but copies had already been posted elsewhere.

Microsoft warned that hackers that exploit the vulnerability could install programs, view and delete data or even create new user accounts with full user rights. That gives hackers enough command and control of your PC to do some serious damage.

Microsoft on Wednesday released the security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607, and recommends that the patch be installed immediately using the Windows Update service and that businesses disable the Print Spooler service until the fix can be applied to every PC on its network.

Microsoft’s latest update is a “cumulative update release, so it contains all previous security fixes and should be applied immediately to fully protect the systems.”

CISA encourages users and administrators to review the Microsoft Security Updates as well as CERT/CC Vulnerability Note VU #383432 and apply the necessary updates or workarounds.

Microsoft: Out-of-Band (OOB) Security Update available for CVE-2021-34527

Article from the CISA: Microsoft Releases Out-of-Band Security Updates for PrintNightmare

Source: CISA and inputs from Microsoft and tech agencies