Microsoft recently released an out-of-band patch for Windows that addresses the PrintNightmare vulnerability.
What you need to know
- Microsoft released a critical emergency Windows patch that addresses the PrintNightmare vulnerability.
- If exploited, the vulnerability allows attackers to install programs, create new accounts, and create, view, or delete data.
- The patch is available for Windows 10, Windows 8.1, Windows 7, and multiple versions of Windows Server.
Microsoft has issued a critical emergency patch for a flaw in the Windows Print Spooler service. The vulnerability is known as PrintNightmare. When exploited, it allows attackers to install programs; view, change, or delete data; or create new accounts with full user rights," according to Microsoft.
The security patch is available for several versions of Windows 10, Windows 8.1, Windows Server 2019, Windows Server 20212 R2, Windows Server 2008, and Windows RT 8.1. It's also available for Windows 7, which is surprising considering the operating system is out of support.
Updates for Windows 10 version 1607, Windows Server 2016, and Windows Server 2012 are not available at this time but will be released soon, according to Microsoft.
PrintNightmare was revealed after researchers published a proof-of-concept exploit, seemingly by accident.
Microsoft's executive summary of the vulnerability now includes the following update (emphasis added):
UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates.
The fact that the patch is available for Windows 7 indicated the severity of the issue. Windows 7 has been out of support since January 14, 2020.
No comments: