Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Microsoft Ships Emergency Patch for Critical Windows ‘PrintNightmare’ Vulnerability

Microsoft late Tuesday pushed out an emergency patch to cover the Windows ‘PrintNightmare’ security flaw.

Microsoft late Tuesday pushed out an emergency patch to cover the Windows ‘PrintNightmare’ security flaw.

The out-of-band update comes more than a week after the publication of proof-of-concept exploit code sent Windows network administrators scrambling to apply pre-patch mitigations.

The issue caused major headaches in security research circles because the exploit targets CVE-2021-1675, a vulnerability that was patched by Microsoft on June 8 and originally misdiagnosed as a low-risk privilege escalation issue.

Microsoft updated its bulletin on June 21 to confirm remote code execution vectors but when the Black Hat conference announced the acceptance of a presentation on the details of the vulnerability, proof-of-concept code and a full technical write-up was published showing a path to remote code execution.

[ SEE: Windows Admins Scrambling to Contain ‘PrintNightmare’ Flaw ]

When the demo exploit code appeared on the internet, Microsoft released an advisory to confirm that the so-called ‘PrintNightmare’ bug was an entirely new security flaw that exposed users to computer takeover attacks.

From Microsoft’s patch bulletin:

“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The company rated the issue as “critical” and applied a CVSS score of 8.8/8.2.

“We recommend that you install these updates immediately,” Microsoft said. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527,” the company said.

The U.S. government’s CISA cybersecurity agency is encouraging Windows fleet admins to disable the Windows Print spooler service in Domain Controllers and systems that do not print.   

Print Spooler, which is turned on by default on Microsoft Windows, is an executable file that’s responsible for managing all print jobs getting sent to the computer printer or print server.

Related: Microsoft Warns of Under-Attack Windows Kernel Flaw

Related: NSA Reports New Critical Microsoft Exchange Flaws 

Related: Microsoft Patch Tuesday: 83 Vulnerabilities, 10 Critical, 1 Actively Exploited 

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.