Microsoft has prepared an emergency patch for a critical PrintNightmare bug recently discovered in Windows Print Spooler (spoolsv.exe).
A lot of confusion has arisen around the PrintNightmare issue, as Microsoft initially combined two vulnerabilities under one identifier (CVE-2021-1675). But the official patch released in June only fixed part of the problem, leaving a critical RCE bug unpatched. Because of this, at the end of June, a group of Chinese researchers accidentally published their PoC exploit for this vulnerability, believing that the problem had already been fixed.
The exploit code was quickly removed from GitHub, but it still leaked online, and the information security community discovered that a dangerous RCE vulnerability in Windows Print Spooler was still relevant. As a result, to clear up the misunderstanding, Microsoft assigned the second error a separate identifier CVE-2021-34527, and also confirmed that the problem allows remote execution of arbitrary code with SYSTEM privileges and allows an attacker to install programs, view, modify or delete data, as well as create new ones. accounts with user rights.
The company has now published unscheduled patches for PrintNightmare, but the fixes are still incomplete as the vulnerability can still be exploited locally to gain SYSTEM privileges.
The fixes are already available for the following operating systems:
- Windows 10 21H1 ( KB5004945 )
- Windows 10 20H1 ( KB5004945 )
- Windows 10 2004 ( KB5004945 )
- Windows 10 1909 ( KB5004946 )
- Windows 10 1809 and Windows Server 2019 ( KB5004947 )
- Windows 10 1507 ( KB5004950 )
- Windows 8.1 and Windows Server 2012 ( KB5004954 / KB5004958 )
- Windows 7 SP1 and Windows Server 2008 R2 SP1 ( KB5004953 / KB5004951 )
- Windows Server 2008 SP2 ( KB5004955 / KB5004959 ).
The patches for Windows 10 1607, Windows Server 2016 and Windows Server 2012 are not yet ready, but, according to Microsoft, will be released soon.