Microsoft has released an out-of-band patch for a known zero-day vulnerability called PrintNightmare. The patch is now being released via Windows Update.
At the heart of the issue is a remote code execution vulnerability that would allow an attacker to use Windows Print Spooler to perform privileged file operations. An attacker who successfully exploited this vulnerability would be able to view, change, or delete data, or create new accounts with full user rights.
The patch released today is KB5004945, which is linked to CVE-2021-34527, a vulnerability known to be actively exploited by malicious agents. That means you need to patch your system as soon as possible to make sure your environment is not left exposed.
Microsoft notes in their release that after you install the patch, all users are either administrators or non-administrators; delegates will no longer be honored.
At this time, there are patches for Windows 10, Windows 8.1, Windows 7, Windows Server 2008 SP2, and Windows Server 2012. Microsoft is also closing this vulnerability in software that is no longer officially supported by the company.
If you find that you are not able to install these updates, there are mitigations available. The company says that to address the PrintNightmare vulnerability, you can disable the Print Spooler service, which removes printing capability both locally and remotely, or you can disable inbound remote printing through Group Policy as a means to protect your environment.
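The following PowerShell script is an added example, not code from Microsoft or from this article. It reports whether a host has KB5004945 or either of the two mitigations in place, and can apply either one. It assumes an elevated prompt and that the registry value `RegisterSpoolerRemoteRpcEndPoint` (the value behind the "Allow Print Spooler to accept client connections" policy) is set locally rather than by a domain GPO, which would override it; the `-Mode` parameter and the function name are this example's own.

```powershell
# Added example, not Microsoft's script. Run from an elevated PowerShell prompt.
#   -Mode Audit           report only (default)
#   -Mode DisableSpooler  mitigation 1: no printing at all on this host
#   -Mode BlockRemote     mitigation 2: local printing keeps working
param(
    [ValidateSet('Audit', 'DisableSpooler', 'BlockRemote')]
    [string]$Mode = 'Audit'
)

$Kb        = 'KB5004945'   # update named in the article
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyVal = 'RegisterSpoolerRemoteRpcEndPoint'   # 1 = accept clients, 2 = refuse

function Get-SpoolerState {   # hypothetical helper name
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $pol = (Get-ItemProperty -Path $PolicyKey -Name $PolicyVal -ErrorAction SilentlyContinue).$PolicyVal
    # Get-HotFix matches this exact ID only; a later cumulative update that
    # supersedes it is not listed under this ID, so $false means "check manually".
    $patched    = [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
    $spoolerOff = (-not $svc) -or ($svc.State -ne 'Running' -and $svc.StartMode -eq 'Disabled')
    $remoteOff  = ($pol -eq 2)
    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        KbInstalled        = $patched
        SpoolerState       = $svc.State
        SpoolerStartMode   = $svc.StartMode
        RemotePrintBlocked = $remoteOff
        NeedsAction        = -not ($patched -or $spoolerOff -or $remoteOff)
    }
}

switch ($Mode) {
    'DisableSpooler' {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
    'BlockRemote' {
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        Set-ItemProperty -Path $PolicyKey -Name $PolicyVal -Value 2 -Type DWord
        Restart-Service -Name Spooler -Force   # setting is read at service start
    }
}

Get-SpoolerState   # always finish with the resulting state
```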
It’s rare for Microsoft to release an out-of-band patch, which goes to show the severity of this vulnerability. If you have not already taken steps to close the door on this vulnerability, it’s imperative that you either mitigate the exposure or install the patch once you have verified that it will not disrupt your environment.