Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Microsoft Ships Emergency Patch for Critical Windows ‘PrintNightmare’ Vulnerability

Microsoft late Tuesday pushed out an emergency patch to cover the Windows ‘PrintNightmare’ security flaw.

Microsoft late Tuesday pushed out an emergency patch to cover the Windows ‘PrintNightmare’ security flaw.

The out-of-band update comes more than a week after the publication of proof-of-concept exploit code sent Windows network administrators scrambling to apply pre-patch mitigations.

The issue caused major headaches in security research circles because the exploit targets CVE-2021-1675, a vulnerability that was patched by Microsoft on June 8 and originally misdiagnosed as a low-risk privilege escalation issue.

Microsoft updated its bulletin on June 21 to confirm remote code execution vectors but when the Black Hat conference announced the acceptance of a presentation on the details of the vulnerability, proof-of-concept code and a full technical write-up was published showing a path to remote code execution.

[ SEE: Windows Admins Scrambling to Contain ‘PrintNightmare’ Flaw ]

When the demo exploit code appeared on the internet, Microsoft released an advisory to confirm that the so-called ‘PrintNightmare’ bug was an entirely new security flaw that exposed users to computer takeover attacks.

From Microsoft’s patch bulletin:

“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The company rated the issue as “critical” and applied a CVSS score of 8.8/8.2.

“We recommend that you install these updates immediately,” Microsoft said. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527,” the company said.

The U.S. government’s CISA cybersecurity agency is encouraging Windows fleet admins to disable the Windows Print spooler service in Domain Controllers and systems that do not print.   

Print Spooler, which is turned on by default on Microsoft Windows, is an executable file that’s responsible for managing all print jobs getting sent to the computer printer or print server.

Related: Microsoft Warns of Under-Attack Windows Kernel Flaw

Related: NSA Reports New Critical Microsoft Exchange Flaws 

Related: Microsoft Patch Tuesday: 83 Vulnerabilities, 10 Critical, 1 Actively Exploited 

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.