Microsoft Releases Security Updates to Fight Against PrintNightmare Zero-Day
PrintNightmare Zero-Day Is Currently Being Investigated by Microsoft. The Technology Company Has Released Security Updates for Some Windows Versions.
The PrintNightmare zero-day is a vulnerability that has been wreaking havoc in recent cyberattacks. Initially confused with CVE-2021-1675, it has since received its own identifier as a zero-day bug, CVE-2021-34527, and targets the Windows Print Spooler. Microsoft had provided mitigation measures (disabling the Print Spooler service, either from PowerShell or through Group Policy) until it could release security updates. Now the company has shared the emergency security update KB5004945, which should stop the PrintNightmare zero-day.
New Security Updates Available
As reported previously, Microsoft has confirmed that the PrintNightmare zero-day is being actively exploited and that it affects all Windows versions, although it has not confirmed whether all of them have actually been targeted.
The new security updates released by Microsoft cover versions of Windows 10, Windows 8, and Windows 7, but no security updates are yet available for Windows Server 2012, Windows Server 2016, or Windows 10 version 1607.
Microsoft has posted on its support website guidelines on how to install the out-of-band security updates for each supported version, together with the matching KB where one is listed:
- Windows 10 version 1507: KB5004950
- Windows 10 version 1809: KB5004947
- Windows 10 version 1909: KB5004946
- Windows 10 versions 2004, 20H1, and 21H1: KB5004945
- Windows 8.1 & Windows Server 2012
- Windows Server 2008 SP2
- Windows Server 2008 R2 SP1 & Windows 7 SP1
- Windows Server 2019
Until the remaining security updates are released, users can also apply the mitigation measures Microsoft provided earlier, which we covered in a previous article.
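As an added example (not from the article, from Microsoft, or from the cited researchers), the following PowerShell script reports whether any of the Windows 10 out-of-band KBs listed above is installed and whether the Print Spooler service is still running, and can apply the interim mitigation the article mentions by stopping and disabling the Spooler; the script layout and the -DisableSpooler switch are assumptions.

```powershell
# Added example: check PrintNightmare OOB patch state and optionally apply the
# Print Spooler mitigation. Run elevated; supports -WhatIf via ShouldProcess.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumed switch name: when set, stop and disable the Print Spooler service.
    [switch]$DisableSpooler
)

# KB numbers exactly as listed in the article for Windows 10 builds.
$PrintNightmareKBs = @('KB5004945', 'KB5004946', 'KB5004947', 'KB5004950')

# Get-HotFix lists installed updates; match against the article's KB list.
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $PrintNightmareKBs -contains $_.HotFixID }

if ($installed) {
    Write-Output "Installed PrintNightmare out-of-band update(s): $($installed.HotFixID -join ', ')"
} else {
    Write-Warning "None of $($PrintNightmareKBs -join ', ') is installed on this host."
}

# The patch only addresses the RCE component, so the Spooler state still matters.
$spooler = Get-Service -Name Spooler -ErrorAction Stop
Write-Output "Print Spooler status: $($spooler.Status), start type: $($spooler.StartType)"

if ($DisableSpooler -and $spooler.Status -ne 'Stopped') {
    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable the Print Spooler service')) {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
        Write-Output 'Print Spooler stopped and set to Disabled; this host can no longer print.'
    }
}
```

Run it without -DisableSpooler for a read-only report, or with -DisableSpooler -WhatIf to preview the mitigation before applying it.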
What Is the Threat of PrintNightmare Zero-Day?
The PrintNightmare zero-day is dangerous because threat actors can use it either to perform remote code execution (RCE) or, through the local privilege escalation (LPE) vector it contains, to run any command they want with SYSTEM privileges.
The CERT Coordination Center has also shared its input on the matter:
“The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system,” the CERT Coordination Center said of the issue.
Are the New Security Updates Complete?
No. The security updates do not cover all affected Windows versions, as further updates are yet to be released, and, as Bleeping Computer reports and Matthew Hickey discovered, the patch Microsoft pushed addresses only the remote code execution component of the PrintNightmare zero-day. The LPE component remains unfixed for the moment, which means threat actors can still gain SYSTEM privileges by exploiting it locally.