7 July 2021 [NO.TCSA : 20210707-1-1-P]
Microsoft has released an emergency security update (KB5004945) to fix the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. However, the patch addresses only the remote code execution (RCE) flaw and the vulnerability can still be locally exploited (LPE) to gain SYSTEM privileges.
All versions of Windows.
Security update addresses following Microsoft Operating Systems.
Security updates have not yet been released for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012, but they will also be released soon, according to Microsoft. TechCERT strongly advises administrators to test and install these out-of-band security updates immediately to address the PrintNightmare vulnerability. Those who cannot install these updates as soon as possible should check out the FAQ and Workaround sections in the CVE-2021-34527 security advisory for info on how to protect their systems from attacks exploiting this vulnerability.