Microsoft has begun releasing a Windows emergency patch to resolve a critical failure in the Windows Print Spooler service. The vulnerability, dubbed PrintNightmare , was revealed last week after researchers accidentally published proof-of-concept (PoC) exploit code.
The Print Spooler service runs by default on Windows, Microsoft had to release patches for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1 and a variety of supported versions of Windows 10.
Even Windows 7 Microsoft is patching after officially going unsupported last year.
Microsoft has not yet released patches for Windows Server 2012, Windows Server 2016 and Windows 10 Version 1607, however. Microsoft says that “security updates for these versions of Windows will be released soon”.
Microsoft’s response time took a few days, the alert was issued on the day it had already affected all supported versions of Windows. PrintNightmare’s weakness allows attackers to use remote code execution so that bad guys can install programs, modify data, and create new accounts with full administrator rights.
Microsoft has publicly said “We recommend that you install these updates immediately”, “Security updates released as of July 6, 2021 contain protections for CVE-2021-1675 and the remote execution exploitation of additional code in the Windows Print service Spooler known as ‘PrintNightmare’, documented in CVE-2021-34527.”
The distribution should take place automatically, but if you want to force the update, you can use the links below:
The security flaw is identified by the code CVE-2021-34527 and can affect 32-bit and 64-bit versions of the operating system, as well as packages made to run on ARM processors.
The risk of this failure is considered serious, Microsoft insists that all users update their Windows.
Source: The Verge