Microsoft rolls out emergency patch for critical PrintNightmare flaw

Image: iStockPhoto/maxkabakov

Microsoft has deployed a patch for a vulnerability so critical that even older, unsupported versions of Windows are receiving it. On Tuesday, the company rolled out a fix for the PrintNightmare flaw, a problem that could allow an attacker to take over a compromised computer to install software, modify data and create new user accounts. Microsoft clearly considered the flaw so severe that it released the patch out of band this week rather than wait until next week's July Patch Tuesday.

SEE: Checklist: Securing Windows 10 systems (TechRepublic Premium)

Accessible through Windows Update, the patch is available for most versions of Windows for clients and servers, including Windows 7, 8.1 and 10, as well as Server 2004, 2008 and 2019.

The only versions without an available patch are Windows 10 Version 1607, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2016 and Windows Server 2016 (Server Core installation). Microsoft said that these versions will be updated shortly after July 6.

Individual users should check Windows Update to download and install the patch, while organizations should deploy the update through their patch management system.

This overall problem has been complicated because it involved two different vulnerabilities with the Windows Print spooler, a service that queues up and manages print jobs. Known as CVE-2021-1675, the first flaw was patched through Microsoft's June 2021 security updates.

SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)

The second flaw, dubbed CVE-2021-34527 and nicknamed PrintNightmare, pointed to an issue in RpcAddPrinterDriverEx(), a function that lets users install or update a printer driver. Until Tuesday, July 6, this flaw was unpatched, leading Microsoft and the Cybersecurity and Infrastructure Security Agency to advise administrators to disable the Windows Print spooler service in domain controllers and systems not used for printing.

The security update released on and after July 6 includes fixes for both flaws. Anyone unable to install the update is advised to check the FAQ section in CVE-2021-34527 for steps on protecting their systems from the vulnerability. Information on installing new printer drivers after applying the update is accessible in Microsoft's KB5005010 support document.

Because both vulnerabilities exist in the 40 different versions of Microsoft Windows, companies and regular consumers are at risk, according to Dirk Schrader, global VP for security research at New Net Technologies. Attackers could infiltrate large organizations for data extraction and encryption and infect individual users to expand botnets or launch cryptomining networks, Schrader said.

Also see

• Ransomware attack: Why a small business paid the $150,000 ransom (TechRepublic)
• Expert: Intel sharing is key to preventing more infrastructure cyberattacks (TechRepublic)
• Windows 10 security: A guide for business leaders (TechRepublic Premium)
• How to activate and use the built-in Windows 10 back-up feature (TechRepublic)
• How to increase shutdown speeds in Windows 10 (TechRepublic)
• How to optimize Windows 10 power settings for higher performance (TechRepublic)
• Windows 10 how to: A free tech support and troubleshooting guide (ZDNet)
• Get more must-read Microsoft tips and news (TechRepublic on Flipboard)