/i/2002778098.png?fit=%2C&ssl=1)
Microsoft has released an emergency patch that fixes the PrintNightmare vulnerability. The serious bug was in the Windows Print Spooler feature and allowed remote code executions. The patch still allows local exploitation of the bug.
Microsoft has the update out of band released, so outside of Patch Tuesday. It is a patch for a vulnerability that contains the code CVE-2021-34527 and is also known as PrintNightmare. The leak was actively exploited after it was discovered last week.
De patch is KB5004945 for Windows 10 versions 2004, 20H1, and 21H1. A different KB patch is available for older versions of Windows 10, including versions 1809 and 1507. There are also patches for Windows Server 2019 available and for older versions of Windows and Windows Server, including KB5004954 for Windows 8.1 and Windows Server 2012 and KB5004953 for Windows 7 and Windows Server 2008 R2. There are currently no patches for Windows 10 1607 or for Windows Server 2016 and 2021. Those will follow later.
The patch does not fix every part of PrintNightmare. The leak made it possible to remote code execution to be carried out. The KB updates have now resolved that issue. At the same time notice security researcher Hacker Fantastic on that despite the patch it is still possible a local privilege escalation to be carried out. To prevent this, users can disable the Point&Print functionality. In addition, Microsoft already last week published a work-around which can disable Print Spooler to prevent exploitation.
–
