Microsoft Releases Emergency Update to Patch PrintNightmare Vulnerability
Microsoft has released an out-of-band patch that will plug up a hole in a known zero-day exploit. Known as PrintNightmare, the patch is now being released via Windows Update.
At the heart of the issue is a remote code vulnerability that would allow an attacker to use Windows Print Spooler to perform privileged file operations. An attacker who successfully exploited this vulnerability would be able to view, change, or delete data; or create new accounts with full user rights.
The patch released today is KB5004945 which is linked to CVE-2021-34527 and is known to be actively exploited by malicious agents. Meaning, you need to patch your system as soon as possible to make sure your environment is not left exposed.
Microsoft notes in their release that after you install the patch, all users are either administrators or non-administrators, delegates will no longer be honored.
At this time, there are patches for Windows 10, Windows 8.1, Windows 7, Windows Server 2008 SP2, Windows Server 2012 – Microsoft is closing this vulnerability to software that is also no longer officially supported by the company.
If you find that you are not able to install these updates, there are mitigations available. The company says that to address the PrintNightmare vulnerability, you can disable Print Spooler service to remove printing capability locally and remotely or you can disable inbound remote printing through Group Policy as a means to protect your environment.
It’s rare for Microsoft to release an out-of-band patch that goes to show the severity of this vulnerability. If you have not already taken steps to close the door on this vulnerability, it’s imperative that you either mitigate the exposure or install the patch once verified that it would not disrupt your environment.
More in Windows Server
Microsoft to Fix Windows Bug Breaking Wi-Fi hotspots After Installing Latest Patch Tuesday Update
Jun 17, 2022 | Rabia Noureen
Microsoft Confirms Windows Server Backup Issues in This Month's Patch Tuesday Updates
Jun 16, 2022 | Rabia Noureen
Microsoft Acknowledges Office Zero-Day Flaw Affecting Windows Diagnostic Tool
May 31, 2022 | Rabia Noureen
Microsoft Releases Out-Of-Band Patches to Fix Windows AD Authentication Issues
May 20, 2022 | Rabia Noureen
CISA Warns Windows Admins Against Applying May Patch Tuesday Updates on Domain Controllers
May 17, 2022 | Rabia Noureen
Microsoft Confirms May 2022 Patch Tuesday Updates Cause AD Authentication Issues
May 12, 2022 | Rabia Noureen
Most popular on petri