Microsoft has began rolling out an emergency Home windows patch to handle a important flaw within the Home windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was revealed final week, after safety researchers by accident printed proof-of-concept (PoC) exploit code. Microsoft has issued out-of-band safety updates to handle the flaw, and has rated it as important as attackers can remotely execute code with system-level privileges on affected machines.
Because the Print Spooler service runs by default on Home windows, Microsoft has needed to concern patches for Home windows Server 2019, Home windows Server 2012 R2, Home windows Server 2008, Home windows 8.1, Home windows RT 8.1, and a wide range of supported variations of Home windows 10. Microsoft has even taken the weird step of issuing patches for Home windows 7, which formally went out of assist final 12 months. Microsoft has not but issued patches for Home windows Server 2012, Home windows Server 2016, and Home windows 10 Model 1607, although. Microsoft says “safety updates for these variations of Home windows shall be launched quickly.”
It took Microsoft a few days to concern an alert a few 0-day affecting all supported variations of Home windows. The PrintNightmare vulnerability permits attackers to make use of distant code execution, so dangerous actors might doubtlessly set up packages, modify knowledge, and create new accounts with full admin rights.
“We suggest that you simply set up these updates instantly,” says Microsoft. “The safety updates launched on and after July 6, 2021 include protections for CVE-2021-1675 and the extra distant code execution exploit within the Home windows Print Spooler service referred to as ‘PrintNightmare’, documented in CVE-2021-34527.”