Microsoft points emergency Windows patch to repair important ‘PrintNightmare’ vulnerability

Microsoft has began rolling out an emergency Windows patch to handle a important flaw within the Windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was revealed final week, after safety researchers by chance printed proof-of-concept (PoC) exploit code. Microsoft has issued out-of-band security updates to handle the flaw, and has rated it as important as attackers can remotely execute code with system-level privileges on affected machines.

As the Print Spooler service runs by default on Windows, Microsoft has needed to concern patches for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, and a wide range of supported variations of Windows 10. Microsoft has even taken the weird step of issuing patches for Windows 7, which formally went out of assist final yr. Microsoft has not but issued patches for Windows Server 2012, Windows Server 2016, and Windows 10 Version 1607, although. Microsoft says “security updates for these versions of Windows will be released soon.”

It took Microsoft a few days to concern an alert a few 0-day affecting all supported variations of Windows. The PrintNightmare vulnerability permits attackers to make use of distant code execution, so unhealthy actors might doubtlessly set up applications, modify knowledge, and create new accounts with full admin rights.

“We recommend that you install these updates immediately,” says Microsoft. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”