Microsoft rolls out emergency patch for critical PrintNightmare flaw

3 months ago 12
PR Distribution

Fixing a superior information spread successful the Windows Print spooler service, the spot is disposable for astir each versions of Windows, adjacent Windows 7.


Image: iStockPhoto/maxkabakov

Microsoft has deployed a spot for a vulnerability truthful captious that adjacent older, unsupported versions of Windows are receiving it. On Tuesday, the institution rolled retired a hole for the PrintNightmare flaw, a occupation that could let an attacker to instrumentality implicit a compromised machine to instal software, modify information and make caller idiosyncratic accounts. Microsoft intelligibly considered the flaw truthful terrible that it released the spot retired of set this week alternatively than hold until adjacent week's July Patch Tuesday.

SEE: Checklist: Securing Windows 10 systems (TechRepublic Premium)

Accessible done Windows Update, the spot is disposable for astir versions of Windows for clients and servers, including Windows 7, 8.1 and 10, arsenic good arsenic Server 2004, 2008 and 2019.

The lone versions without an disposable spot are Windows 10 Version 1607, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2016 and Windows Server 2016 (Server Core installation). Microsoft said that these versions volition beryllium updated soon aft July 6.

Individual users should cheque Windows Update to download and instal the patch, portion organizations should deploy the update done their spot absorption system.

This wide occupation has been analyzable due to the fact that it progressive 2 antithetic vulnerabilities with the Windows Print spooler, a work that queues up and manages people jobs. Known arsenic CVE-2021-1675, the archetypal flaw was patched done Microsoft's June 2021 information updates.

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

The 2nd flaw, dubbed CVE-2021-34527 and nicknamed PrintNightmare, pointed to an contented successful RpcAddPrinterDriverEx(), a relation that lets users instal oregon update a printer driver. Until Tuesday, July 6, this flaw was unpatched, starring Microsoft and the Cybersecurity and Infrastructure Security Agency to counsel administrators to disable the Windows Print spooler work successful domain controllers and systems not utilized for printing.

The information update released connected and aft July 6 includes fixes for some flaws. Anyone incapable to instal the update is advised to cheque the FAQ conception successful CVE-2021-34527 for steps connected protecting their systems from the vulnerability. Information connected installing caller printer drivers aft applying the update is accessible successful Microsoft's KB5005010 enactment document.

Because some vulnerabilities beryllium successful the 40 antithetic versions of Microsoft Windows, companies and regular consumers are astatine risk, according to Dirk Schrader, planetary VP for information probe astatine New Net Technologies. Attackers could infiltrate ample organizations for information extraction and encryption and infect idiosyncratic users to grow botnets oregon motorboat cryptomining networks, Schrader said.

Microsoft Weekly Newsletter

Be your company's Microsoft insider by speechmaking these Windows and Office tips, tricks, and cheat sheets. Delivered Mondays and Wednesdays

Sign up today

Also see

Read Entire Article