Microsoft releases emergency patch for PrintNightmare bug
Microsoft has released an emergency patch that fixes the PrintNightmare vulnerability. The serious bug was in the Windows Print Spooler feature and allowed remote code executions. The patch still allows local exploitation of the bug.
Microsoft released the update out of band, so outside of Patch Tuesday. This is a patch for a vulnerability that has the code CVE-2021-34527 and is also known as PrintNightmare. The leak was actively exploited after it was discovered last week.
The patch is KB5004945 for Windows 10 versions 2004, 20H1, and 21H1. A different KB patch is available for older versions of Windows 10, including versions 1809 and 1507. Patches are also available for Windows Server 2019 and for older versions of Windows and Windows Server, including KB5004954 for Windows 8.1 and Windows Server 2012 R2, and KB5004953 for Windows 7 and Windows Server 2008 R2. There are currently no patches for Windows 10 1607 or for Windows Server 2016 and 2012. They will follow later.
The patch does not fix every part of PrintNightmare. The vulnerability made it possible to perform remote code execution. The KB updates have now resolved that issue. At the same time notice security researcher Hacker Fantastic op that despite the patch it is still possible to perform a local privilege escalation. To prevent this, users can disable the Point&Print functionality. Microsoft has also released KB5005010, a patch that prevents new printer drivers from being installed just like that. In addition, Microsoft already published a work-around last week that disables Print Spooler to prevent exploitation.