Microsoft late Tuesday pushed out an emergency patch to cover the Windows ‘PrintNightmare’ security flaw.
The out-of-band update comes more than a week after the publication of proof-of-concept exploit code sent Windows network administrators scrambling to apply pre-patch mitigations.
The issue caused major headaches in security research circles because the exploit targets CVE-2021-1675, a vulnerability that was patched by Microsoft on June 8 and originally misdiagnosed as a low-risk privilege escalation issue.
Microsoft updated its bulletin on June 21 to confirm remote code execution vectors but when the Black Hat conference announced the acceptance of a presentation on the details of the vulnerability, proof-of-concept code and a full technical write-up was published showing a path to remote code execution.
[ SEE: Windows Admins Scrambling to Contain ‘PrintNightmare’ Flaw ]
When the demo exploit code appeared on the internet, Microsoft released an advisory to confirm that the so-called ‘PrintNightmare’ bug was an entirely new security flaw that exposed users to computer takeover attacks.
From Microsoft’s patch bulletin:
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The company rated the issue as “critical” and applied a CVSS score of 8.8/8.2.
“We recommend that you install these updates immediately,” Microsoft said. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527,” the company said.
The U.S. government’s CISA cybersecurity agency is encouraging Windows fleet admins to disable the Windows Print spooler service in Domain Controllers and systems that do not print.
Print Spooler, which is turned on by default on Microsoft Windows, is an executable file that’s responsible for managing all print jobs getting sent to the computer printer or print server.
Related: Microsoft Warns of Under-Attack Windows Kernel Flaw
Related: NSA Reports New Critical Microsoft Exchange Flaws
Related: Microsoft Patch Tuesday: 83 Vulnerabilities, 10 Critical, 1 Actively Exploited
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Backslash Snags $8M Seed Financing for AppSec Tech
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits
- Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million
- Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script
Latest News
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions
- TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
