Heimdal
article featured image

Contents:

PrintNightmare zero-day is an exploit that has made havoc among cyberattacks lately. Confused at the beginning to CVE-2021-1675, it has recently received its own classification as a zero-day bug: CVE-2021-34527 and targets the Windows Print Spooler. Microsoft has provided some mitigation measures until they release security updates for this (disabling Windows Spooler either from Powershell or from the Group Policy). Now, the technology company has shared the emergency security update KB5004945 that should stop the PrintNightmare zero-day.

New Security Updates Available

As announced previously, Microsoft confirmed that PrintNightmare zero-day is being exploited actively and that it impacts all Windows versions, but it was not confirmed if all of them were actually targeted.

However, the new security updates released by Microsoft work with versions of Windows10, Windows 8, and Windows 7, but no security updates are currently available for Windows Server 2012, Windows Server 2016, and version 1607 of Windows 10.

Microsoft has provided on its support website guidelines on how to install the out-of-band security updates on all the available versions that match with them:

Windows 10

Windows 8.1 & Windows Server 2012

Windows Server 2008 SP2

Windows Server 2008 R2 SP1 & Windows 7 SP1

Windows Server 2019

Until other security updates are released, users can also implement the mitigation measures Microsoft has previously provided and that we shared in an earlier piece of news.

What Is the Threat of PrintNightmare Zero-Day?

PrintNightmare zero-day is dangerous as threat actors can use it to both perform REC (remote code execution) or take advantage of the system privileges to run any command they want using the LPE vector (local privilege escalation) that PrintNightmare zero-day contains.

Cert Coordination Center has also shared its input on the matter:

The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system,” the CERT Coordination Center said of the issue.

Source

Are the New Security Updates Complete?

No, because the security updates do not cover all Windows impacted versions as other updates are yet to be released and also because, as Bleeping Computer reports and Matthew Hickey discovered, the security patch pushed by Microsoft covers only the remote code execution component of the PrintNightmare zero-day. The LPE one, however, remains without a solution for the moment. This means that threat actors can still gain system privileges through locally exploiting the LPE component.

Author Profile

Andra Andrioaie

Security Enthusiast

linkedin icon

Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE