Microsoft releases unscheduled patch for PrintNightmare vulnerability

Microsoft has prepared an emergency patch for a critical PrintNightmare bug that was recently discovered in Windows Print Spooler (spoolsv.exe).

The PrintNightmare issue caused much confusion, as Microsoft initially combined two vulnerabilities under one identifier (CVE-2021-1675). But the official patch released in June only fixed part of the problem, leaving a critical RCE bug unpatched.

Because of this, at the end of June, a group of Chinese researchers accidentally published their PoC exploit for this vulnerability, believing that the problem had already been fixed.

The exploit code was quickly removed from GitHub, but it still leaked online, and the information security community discovered that a dangerous RCE vulnerability in Windows Print Spooler was still relevant.

As a result, to clear up the misunderstanding, Microsoft assigned the second error a separate identifier CVE-2021-34527, and also confirmed that the problem allows remote execution of arbitrary code with SYSTEM privileges and allows an attacker to install programs, view, modify or delete data, as well as create new accounts. with user rights.

The company has now published unscheduled patches for PrintNightmare, but the fixes are still incomplete as the vulnerability can still be exploited locally to gain SYSTEM privileges.

The Microsoft fix released for recent #PrintNightmare vulnerability addresses the remote vector – however the LPE variations still function. These work out of the box on Windows 7, 8, 8.1, 2008 and 2012 but require Point&Print configured for Windows 2016,2019,10 & 11(?).Hacker Fantastic account on Twitter reported.

Updates are available for the following OSs:

The patches for Windows 10 1607, Windows Server 2016 and Windows Server 2012 are not yet ready, but, according to Microsoft, will be released soon.

Let me remind you that I also talked about the fact that the Unofficial patch published for PrintNightmare vulnerability.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *