Microsoft acknowledged a remote code execution vulnerability that affects Windows Print Spooler last week. Tracked as CVE-2021-34527, the PrintNightmare zero-day impacts all versions of Windows 10 along with older Windows operating systems, pushing the company to deliver an out-of-band update to fix this security issue.
Windows update KB5004945 is now available for all the supported versions, including version 21H1, version 20H1, v2004, v1909, v1809, v1803, v1507. This fix is also available for older operating systems, including Windows 8.1, Windows Server 2012, Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. The company added that it will deliver updates for the "remaining affected supported versions of Windows" in the coming days.
Microsoft is advising users to check for updates and install this emergency update as soon as possible to protect their devices against remote attacks.
Currently available updates include (release notes might take some time to be uploaded):
- Windows 10 v21H1 (KB5004945)
- Windows 10 v20H2 (KB5004945)
- Windows 10 v2004 (KB5004945)
- Windows 10 v1909 (KB5004946)
- Windows 10 v1809 and Windows Server 2019 (KB5004947)
- Windows 10 v1803 (KB5004949)
- Windows 10 v1507 (KB5004950)
- Windows 8.1 and Windows Server 2012 (Monthly Rollup KB5004954 / Security only KB5004958)
- Windows 7 SP1 and Windows Server 2008 R2 SP1 (Monthly Rollup KB5004953 / Security only KB5004951)
- Windows Server 2008 SP2 (Monthly Rollup KB5004955 / Security only KB5004959)
Remote code execution "PrintNightmare" zero-day bug that affects all Windows
Exploiting this Windows RCE flaw, an attacker could run code on the affected device with full system privileges, install software, and modify data. Microsoft explains:
"A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
The issue is so severe that the CERT Coordination Center (CERT/CC) and the US government had to step in to offer mitigation for this critical RCE vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) had encouraged admins to disable the Windows Print Spooler service on servers that aren't being used for printing.
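To check a host against the update list above and apply the spooler mitigation CISA describes, an administrator could run something like the following from an elevated prompt. This is an added example, not code from Microsoft or CISA; it assumes Windows PowerShell 5.1, and the `-DisableSpooler` switch name is hypothetical.

```powershell
# Added example: audit one host for the out-of-band updates listed in this
# article and, only when asked, stop and disable the Print Spooler service.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical switch: opt in to changing the service. Use it only on
    # hosts that are not used for printing.
    [switch]$DisableSpooler
)

# KB numbers copied from the update list in this article.
$PatchKbs = @(
    'KB5004945', 'KB5004946', 'KB5004947', 'KB5004949', 'KB5004950',
    'KB5004954', 'KB5004958', 'KB5004953', 'KB5004951',
    'KB5004955', 'KB5004959'
)

# Get-HotFix -Id raises an error for IDs that are not installed, so list
# everything and filter. A later cumulative update can supersede these KBs,
# so "PatchFound = False" means "verify the patch level", not "vulnerable".
$installed = Get-HotFix | Where-Object { $PatchKbs -contains $_.HotFixID }
$spooler   = Get-Service -Name Spooler -ErrorAction SilentlyContinue

# One object per host, suitable for Export-Csv when run across a fleet.
[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    PatchFound     = [bool]$installed
    InstalledKbs   = ($installed.HotFixID -join ',')
    SpoolerStatus  = if ($spooler) { $spooler.Status }    else { 'NotPresent' }
    SpoolerStartup = if ($spooler) { $spooler.StartType } else { 'NotPresent' }
}

# Mitigation: stop the service and keep it from starting at boot.
# -WhatIf previews the change without making it.
if ($DisableSpooler -and $spooler) {
    $action = 'Stop and disable Print Spooler'
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, $action)) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
}
```

Disabling the service stops both local and remote printing on that host, so the change is reversed with `Set-Service -Name Spooler -StartupType Automatic` followed by `Start-Service -Name Spooler` once the update is installed.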