Microsoft has began rolling out an emergency Home windows patch to handle a important flaw within the Home windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was revealed final week, after safety researchers by accident printed proof-of-concept (PoC) exploit code. Microsoft has issued out-of-band safety updates to handle the flaw, and has rated it as important as attackers can remotely execute code with system-level privileges on affected machines.
Because the Print Spooler service runs by default on Home windows, Microsoft has needed to subject patches for Home windows Server 2019, Home windows Server 2012 R2, Home windows Server 2008, Home windows 8.1, Home windows RT 8.1, and a wide range of supported variations of Home windows 10. Microsoft has even taken the bizarre step of issuing patches for Home windows 7, which formally went out of help final yr. Microsoft has not but issued patches for Home windows Server 2012, Home windows Server 2016, and Home windows 10 Model 1607, although. Microsoft says “safety updates for these variations of Home windows will probably be launched quickly.”
It took Microsoft a few days to subject an alert a few 0-day affecting all supported variations of Home windows. The PrintNightmare vulnerability permits attackers to make use of distant code execution, so dangerous actors might doubtlessly set up applications, modify knowledge, and create new accounts with full admin rights.
“We advocate that you simply set up these updates instantly,” says Microsoft. “The safety updates launched on and after July 6, 2021 comprise protections for CVE-2021-1675 and the extra distant code execution exploit within the Home windows Print Spooler service often called ‘PrintNightmare’, documented in CVE-2021-34527.”