PrintNightmare Gets Emergency Windows Patch

It seems that every time you turn around, you have a new exploit. This was one of those “oops” revelations. The latest vulnerability, dubbed PrintNightmare, was found in Microsoft’s Windows Print Spooler. The exploit was found last week after security researchers accidentally published proof-of-concept (PoC) exploit code. Microsoft has issued out-of-band security updates to address the flaw, and has rated it as critical as attackers can remotely execute code with system-level privileges on affected machines.

What makes this one kind of heavy is that the Print Spooler service runs by default. Not taking any chances, Microsoft has issued patches for nearly every version still in use. Even operating systems that they claim to no longer support. I’m looking at you Windows 7. This should give everyone a good ideal why this is a huge deal.

Microsoft patches PrintNightmare on every OS.

Microsoft has had to issue patches for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, and a variety of supported versions of Windows 10. The company has even taken the unusual step of issuing patches for Windows 7, which officially went out of support last year. Microsoft has not yet issued patches for Windows Server 2012, Windows Server 2016, and Windows 10 Version 1607, though. Microsoft says, “security updates for these versions of Windows will be released soon.”

It took Microsoft a couple of days to issue an alert about a 0-day affecting all supported versions of Windows. The PrintNightmare vulnerability allows attackers to use remote code execution. Bad actors could potentially install programs, modify data, and create new accounts with full admin rights.

“We recommend that you install these updates immediately,” says Microsoft. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”