Microsoft urgently distributes a patch for the Windows print spooler vulnerability 'Print Nightmare'



Microsoft has urgently distributed a patch for the 'PrintNightmare ' vulnerability in the print spooler. Microsoft warns that if an attacker exploits PrintNightmare, it could execute arbitrary code with SYSTEM privileges.

CVE-2021-34527 --Security Update Guide --Microsoft --Remote Code Execution Vulnerabilities in Windows Print Spooler
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

Exceptional Release of Security Update for Windows Print Spooler Vulnerability Information (CVE-2021-34527) – Microsoft Security Response Center
https://msrc-blog.microsoft.com/2021/07/06/20210707_windowsprintspooleroob/

Microsoft pushes emergency update for Windows PrintNightmare zero-day
https://www.bleepingcomputer.com/news/security/microsoft-pushes-emergency-update-for-windows-printnightmare-zero-day/

Microsoft releases out-of-band fix for PrintNightmare vulnerability --The Record by Recorded Future
https://therecord.media/microsoft-releases-out-of-band-fix-for-printnightmare-vulnerability/

The print spooler is a system that temporarily saves the printer's print processing requests that occur at the same time and executes them in sequence. On June 28, 2021, researchers at Chinese security firm Sangfor accidentally published a proof-of-concept code for the vulnerability found in this print spooler and a detailed report on the vulnerability on GitHub. It was.

The researchers hurriedly made the repository private, but said that the code and comments had already been copied. At the time the code was released, the vulnerability in question was fixed only for the privilege elevation bug, and the remote code execution bug 'Print Nightmare' was not fixed. Microsoft has assigned the identifier 'CVE-2021-34527 ' to this PrintNightmare and announced that it will take immediate action. After publishing the mitigation, we released a patch on July 6, 2021 local time.

Microsoft recommends that you install this patch as soon as possible. Some of the patches distributed are below, and the full list of patches can be found on the official page.

-Windows 10 (version 21H1, version 20H1, version 2004): KB5004945
-Windows 10 (version 1909): KB5004946
· Windows 10 (version 1809) and Windows Server 2019: KB5004947
-Windows 10 (version 1803): KB5004949
-Windows 10 (version 1507): KB5004950
· Windows 8.1 and Windows Server 2012: Monthly Rollup KB5004954 / Security Only KB5004958
· Windows 7 SP1 and Windows Server 2008 R2 SP1: Monthly rollup KB5004953 / Security only KB5004951
· Windows Server 2008 SP2: Monthly Rollup KB5004955 / Security Only KB5004959

KB5004945 is expected to be automatically downloaded and installed by Windows Update for general users of Windows. After applying this fix, proxy management groups such as printer operators will only be allowed to install signed printer drivers, and administrator authentication to install unsigned printer drivers on the printer server. will become necessary.

KB5004945 is being distributed on various versions of Windows, including Windows 7, which is no longer supported. At the time of release, patches for Windows 10 Version 1607, Windows Server 2016, and Windows Server 2012 have not been distributed, but they will be distributed in sequence.

in Security, Posted by log1k_iy