Microsoft releases an emergency Out-of-Band update for PrintNightmare Zero-Day

PUBLISHED:
7 July 2021

Microsoft releases an emergency Out-of-Band update for PrintNightmare Zero-Day

Microsoft has released an emergency security update (KB5004945) to fix the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. However, the patch addresses only the remote code execution (RCE) flaw and the vulnerability can still be locally exploited (LPE) to gain SYSTEM privileges.

Affected Versions

All versions of Windows.

Mitigation

Security update addresses following Microsoft Operating Systems.

• Windows Server 2019
• Windows Server 2012 R2
• Windows Server 2008
• Windows 8.1
• Windows RT 8.1
• Windows 10 (versions 21H1, 20H2, 2004, 1909, 1809, 1803, and 1507)

Security updates have not yet been released for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012, but they will also be released soon, according to Microsoft. TechCERT strongly advises administrators to test and install these out-of-band security updates immediately to address the PrintNightmare vulnerability. Those who cannot install these updates as soon as possible should check out the FAQ and Workaround sections in the CVE-2021-34527 security advisory for info on how to protect their systems from attacks exploiting this vulnerability.

More Information

• Windows Print Spooler Remote Code Execution Vulnerability : CVE-2021-34527 (Security Update) – https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
• Take action: Out-of-band update to address a remote code execution exploit in the Windows Print Spooler service – https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#1646