Microsoft is issuing an emergency update to fix a zero-day vulnerability in the Windows Print Spooler service. To avoid being compromised, Windows users should update their systems immediately.
Last week, security researchers accidentally published exploit code for PrintNightmare, a flaw in the Windows operating system. The slip-up has forced Microsoft to roll out a patch before malicious actors can cause too much damage. The Print Spooler security patch is included in Windows Update KB5004945, released on 7/6/2021. This update addresses both variants of PrintNightmare (CVE-2021-34527 and CVE-2021-1675).
PrintNightmare is a Remote Code Execution (RCE) vulnerability that can give an attacker system-level privileges. The exploit works because of how the Print Spooler service handles printer driver installation. If an attacker can gain access as a remote user, they can use the “RpcAddPrinterDriver” command to point to a malicious file. The service installs the file, thinking it is a printer driver, and executes the attacker’s malicious code.
Obviously this exploit is aptly named. An attacker can wreak endless havoc at the system level, putting all sensitive data on the victim machine at serious risk. The flaw is so severe that Microsoft is even releasing a patch for Windows 7, which they officially stopped supporting last year. Patches are coming soon for Windows Server 2012, Windows Server 2016, and Windows 10 version 1607, but right now the fix is only available on the following systems:
- Windows 8.1
- Windows RT 8.1
- supported Windows 10 versions
- Windows Server 2008
- Windows Server 2012 R2
- Windows Server 2019
View Microsoft’s official security update guide for additional information.
To install the update on Windows 10, go to Start > Settings > Update & Security > Windows Update and click Install. You will need to restart your computer to apply the update.
Alternatively, you can disable the Print Spooler service as a safeguard until you are able to install the update:
1. From the Start menu, search for services
2. Right-click on the Services app and select Run as administrator
3. Scroll down, right-click on Print Spooler, and click Stop
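The same interim safeguard can be scripted for machines that cannot be patched yet. The PowerShell below is an added example, not part of the original article: it checks for the KB named above and, if it is missing, stops the Print Spooler and also sets its startup type to Disabled so the service does not come back after a reboot. The helper name `Get-SpoolerState` and the `-PatchId` parameter are illustrative, and the assumption is that the fix is reported under KB5004945 on the machine being checked.

```powershell
#Requires -RunAsAdministrator
# Added example: interim PrintNightmare safeguard, not code from the original article.
[CmdletBinding(SupportsShouldProcess)]
param(
    # KB id taken from the article. Assumption: this build reports the fix under
    # this id; other Windows versions may ship it under a different KB number.
    [string]$PatchId = 'KB5004945'
)

function Get-SpoolerState {
    # Win32_Service exposes both the run state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        State     = $svc.State       # Running / Stopped
        StartMode = $svc.StartMode   # Auto / Manual / Disabled
    }
}

# Get-HotFix raises an error when the id is absent, so silence it and test the result.
$patch = Get-HotFix -Id $PatchId -ErrorAction SilentlyContinue
if ($patch) {
    Write-Output "$PatchId installed on $($patch.InstalledOn); leaving Print Spooler unchanged."
    Get-SpoolerState
    return
}

Write-Warning "$PatchId not found. Applying interim safeguard: stop and disable Print Spooler."

if ($PSCmdlet.ShouldProcess('Spooler', 'Stop service and set startup type to Disabled')) {
    # Stopping alone does not persist: a service set to start automatically
    # runs again at the next boot, so the startup type is changed as well.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
}

# Verify the end state instead of trusting that the two calls succeeded.
$after = Get-SpoolerState
if ($after.State -ne 'Stopped' -or $after.StartMode -ne 'Disabled') {
    Write-Error "Spooler is $($after.State)/$($after.StartMode); safeguard incomplete."
}
$after
```

Run it with `-WhatIf` first to see what would change. Printing is unavailable while the service is disabled; after the update is installed, restore it with `Set-Service -Name Spooler -StartupType Automatic` followed by `Start-Service -Name Spooler`.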
DriveStrike is an important addition to any robust cybersecurity program. For anyone who needs to secure private data, DriveStrike provides essential capabilities, including Remote Wipe, Lock, Geolocation, and Windows BitLocker Integration. Protect your devices and sensitive data by starting a free trial with DriveStrike today.