Microsoft releases emergency patch for Windows Flaw – Krebs on Security
Microsoft on Tuesday released an emergency software update to fix a security bug that has been dubbed “PrintNightmare,” a critical vulnerability in all supported versions of Windows that is being actively exploited. The fix comes a week before the normal monthly Microsoft Patch Tuesday release, and follows the release of exploit code showing potential attackers how to exploit the vulnerability to break into Windows computers.
The problem is CVE-2021-34527, which involves a flaw in the Windows Print Spooler service that could be exploited by attackers to execute code of their choice on a target’s system. Microsoft says it has already detected active exploitation of the vulnerability.
Satnam Narang, research engineer at Defensible, said the Microsoft patch deserves urgent attention due to the pervasiveness of the vulnerability in organizations and the possibility that attackers could exploit this flaw to gain control of a Windows domain controller.
“We believe it will only be a matter of time before it is no longer widely incorporated into attackers’ toolboxes,” Narang said. “PrintNightmare will remain a valuable exploit for cybercriminals as long as there are unpatched systems, and as we know, unpatched vulnerabilities have a long lifespan for attackers.”
In a blog post, Microsoft’s Security Response Center said it has fallen behind in developing fixes for the vulnerability in Windows Server 2016, Windows 10 version 1607, and Windows Server 2012. The fix also apparently includes a new feature that allows Windows administrators to implement more stringent restrictions on installing printer software.
“Prior to installing the July 6, 2021 and newer Windows updates containing protections for CVE-2021-34527, the Printer Operators Security Group could install signed and unsigned printer drivers on a print server,” reads Microsoft’s support advisory. “After installing such updates, delegated administrator groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a print server in the future.”
Windows 10 users can check for the fix by opening Windows Update. Chances are it will show that KB5004945 is available for download and installation. A restart will be required after installation.
Friendly reminder: It is always a good idea to back up your data before applying any security updates. Windows 10 has some built-in tools to help you do this, either by file/folder or by making a full, bootable copy of your hard drive in one go.
Microsoft’s out-of-band update may not fully correct the PrintNightmare vulnerability. Security researcher Benjamin Delpy posted on Twitter that the exploit still works on a fully patched Windows server if the server has also enabled Point & Print – a Windows feature that automatically downloads and installs available printer drivers.
Delpy said it is common for organizations to enable Point and Print using Group Policy because it allows users to install printer updates without first getting the IT department’s approval.
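A defender-side check of the two conditions described above (whether KB5004945 is installed and whether Point and Print policy suppresses the install prompt), as an added example that is not from the original article or from Microsoft. It assumes an elevated Windows PowerShell session; the registry path and value names are those used by the Point and Print Group Policy setting and do not appear in the article.

```powershell
# Added example: report patch and Point and Print status on the local machine.
# Assumption: the policy key and value names below are the ones written by the
# "Point and Print Restrictions" Group Policy; they are not named in the article.

$kb         = 'KB5004945'   # the Windows 10 update named in the article
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Get-HotFix lists only KBs installed under that exact id. A later cumulative
# update also carries the fix, so a missing KB here means "check further".
$hotfix  = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

$noWarn = Get-PolicyValue -Path $policyPath -Name 'NoWarningNoElevationOnInstall'
$update = Get-PolicyValue -Path $policyPath -Name 'UpdatePromptSettings'

# The prompt is suppressed when either value is configured and non-zero.
$relaxed = (($null -ne $noWarn) -and ($noWarn -ne 0)) -or
           (($null -ne $update) -and ($update -ne 0))

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    PatchKB              = $kb
    PatchInstalled       = [bool]$hotfix
    SpoolerStatus        = if ($spooler) { $spooler.Status } else { 'NotPresent' }
    NoWarningNoElevation = $noWarn
    UpdatePromptSettings = $update
    PointAndPrintRelaxed = $relaxed
    # Flag the host when the patch is not listed or the prompt is suppressed.
    NeedsReview          = (-not $hotfix) -or $relaxed
}
```

A host that reports `PatchInstalled = True` and `PointAndPrintRelaxed = True` matches the configuration Delpy describes, where the patch alone is not sufficient.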
This message will be updated if Windows users start reporting issues while applying the patch.