Microsoft releases mandatory Windows updates to fix PrintNightmare exploit [Update]



Earlier last week, Microsoft admitted that it was investigating a critical vulnerability in Windows 10 that, when exploited, could allow attackers to execute arbitrary code on the victim’s system. The vulnerability, tracked as CVE-2021-34527 and named “PrintNightmare”, is present in the Windows Print Spooler service and may allow remote code execution (RCE). While the vulnerability was still being investigated, the Redmond firm listed two possible workarounds to mitigate the risks caused by the bug.

Today, the company updated the Microsoft Security Response Center (MSRC) listing for the vulnerability, noting that it is deploying a patch for the latest versions of Windows 10 to address the issue. The update, KB5004945, is currently being deployed to the three most recent versions of Windows 10 (2004, 20H2, and 21H1), bringing them to builds 19041.1083, 19042.1083, and 19043.1083, respectively. Since these versions are based on the same code base, the update is the same for all of them. The changelog and update documentation are not yet online.

Because these are security updates that fix a critical vulnerability, they are mandatory and are downloaded automatically through Windows Update. Users can also manually download the patch from the Update Catalog. Future updates, such as upcoming Patch Tuesday releases, will include these fixes.

There is no word from the company on how the vulnerability affects older versions of the operating system, although it does note that it has finished investigating the issue. Today’s updates are only being rolled out to the three most recent and fully supported versions of Windows 10, but it won’t be surprising to see a patch made available for older versions that are still supported. Windows versions supported for Enterprise and Education customers that do not receive an update today will receive one “shortly after July 6”.

For those who do not know, the PrintNightmare vulnerability exists because the Print Spooler service does not restrict access to a function used to install printer drivers remotely. An attacker who abuses this unrestricted access can execute arbitrary code with SYSTEM privileges, and exploit examples are already available on the web. Considering the severity of the vulnerability, it is best for all users to update to the latest version as soon as possible.

Update: Patches are available for most supported versions of Windows 10, Windows 8.1, and Windows 7 (ESU users). You can either update through Windows Update or head to the MSRC document to find links to the required update catalog pages. The company has provided the links to the KB articles as well, but as is the case these days, those pages have yet to be updated. Windows 10 version 1607, Windows Server 2012, and Windows Server 2016 have not yet received updates.

Here is the complete list of links posted by the firm:

Update 2: Knowledge Base articles are now live for those who want to read the changelog. For Windows 10, the changelog is mostly the same from version to version. Here’s how the company details the update:

Resolves a remote code execution exploit in the Windows Print Spooler service, known as “PrintNightmare”, as documented in CVE-2021-34527. After you install this Windows update and later versions, users who are not administrators can only install signed print drivers on a print server. By default, administrators can install signed and unsigned printer drivers on a print server. Root certificates installed in the system’s trusted root certification authorities trust signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating systems, starting with the devices that currently host the print server role. You also have the option of configuring the RestrictDriverInstallationToAdministrators registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.
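To check a host against the points in that changelog, the following read-only PowerShell audit is an added example, not code from Microsoft or from this article. The Point and Print policy key path and the `UBR` build-revision value are assumptions that do not appear in the article; the key path is the one given in Microsoft's KB5005010 guidance.

```powershell
# Added audit example (not Microsoft's code). Read-only: it changes nothing on the host.
# Assumption: the policy key below is the Point and Print location from KB5005010;
# the article names only the value, not the path.
$PolicyKey       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$ValueName       = 'RestrictDriverInstallationToAdministrators'
$PatchedRevision = 1083   # revision from the article: 19041/19042/19043.1083

function Get-PrintNightmareStatus {
    # 1. OS build and revision. UBR holds the ".1083" part of e.g. 19043.1083.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR

    # Only the three builds named in the article are judged; others stay unknown
    # rather than guessing a revision the article does not give.
    $patched = 'Unknown (build not covered by the article)'
    if ($build -in 19041, 19042, 19043) { $patched = ($ubr -ge $PatchedRevision) }

    # 2. Print Spooler service state: a stopped and disabled spooler is not exposed.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # 3. Optional hardening value. An absent value means it was never configured,
    #    so the post-update default from the changelog applies (non-administrators
    #    may still install signed printer drivers).
    $restrict = $null
    if (Test-Path $PolicyKey) {
        $item     = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
        $restrict = $item.$ValueName
    }

    $spoolerStatus = if ($svc) { $svc.Status } else { 'NotInstalled' }
    $spoolerStart  = if ($svc) { $svc.StartType } else { 'n/a' }
    $policyValue   = if ($null -eq $restrict) { 'NotSet' } else { $restrict }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        Build                  = "$build.$ubr"
        AtOrAbovePatchedBuild  = $patched
        SpoolerStatus          = $spoolerStatus
        SpoolerStartType       = $spoolerStart
        RestrictDriverInstall  = $policyValue
        OnlyAdminsInstallDrivers = ($restrict -eq 1)
    }
}

Get-PrintNightmareStatus | Format-List
```

Hosts that hold the print server role and report `OnlyAdminsInstallDrivers : False` with a running spooler are the ones to review first, in line with Microsoft's recommendation quoted above.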


