Microsoft has prepared an emergency patch for a critical PrintNightmare bug that was recently discovered in Windows Print Spooler (spoolsv.exe).The PrintNightmare issue caused much confusion, as Microsoft initially combined two vulnerabilities under one identifier (CVE-2021-1675). But the official patch released in June only fixed part of the problem, leaving a critical RCE bug unpatched.
Because of this, at the end of June, a group of Chinese researchers accidentally published their PoC exploit for this vulnerability, believing that the problem had already been fixed.
The exploit code was quickly removed from GitHub, but it still leaked online, and the information security community discovered that a dangerous RCE vulnerability in Windows Print Spooler was still relevant.
As a result, to clear up the misunderstanding, Microsoft assigned the second error a separate identifier CVE-2021-34527, and also confirmed that the problem allows remote execution of arbitrary code with SYSTEM privileges and allows an attacker to install programs, view, modify or delete data, as well as create new accounts. with user rights.
The company has now published unscheduled patches for PrintNightmare, but the fixes are still incomplete as the vulnerability can still be exploited locally to gain SYSTEM privileges.
Updates are available for the following OSs:
- Windows 10 21H1 (KB5004945);
- Windows 10 20H1 (KB5004945);
- Windows 10 2004 (KB5004945);
- Windows 10 1909 (KB5004946);
- Windows 10 1809 и Windows Server 2019 (KB5004947);
- Windows 10 1507 (KB5004950);
- Windows 8.1 и Windows Server 2012 (KB5004954/KB5004958);
- Windows 7 SP1 и Windows Server 2008 R2 SP1 (KB5004953/KB5004951);
- Windows Server 2008 SP2 (KB5004955/KB5004959).
The patches for Windows 10 1607, Windows Server 2016 and Windows Server 2012 are not yet ready, but, according to Microsoft, will be released soon.
Let me remind you that I also talked about the fact that the Unofficial patch published for PrintNightmare vulnerability.