Microsoft has released the KB5004948 emergency security update to resolve the Windows Print Spooler PrintNightmare vulnerability on all Windows 10 editions i.e. Windows 10 1607 and Windows Server 2016.
Microsoft said in the Windows message center that they have released an update for all affected Windows versions that haven’t reached EOL(end of life) yet.
The PrintNightmare bug traced as CVE-2021-34527 allows attackers to gain control over affected servers through remote code execution (RCE) with SYSTEM privileges.
To help you install the out of band security updates, we have provided few support documents below:
- Windows 10, version 21H1 (KB5004945)
- Windows 10, version 20H1 (KB5004945)
- Windows 10, version 2004 (KB5004945)
- Windows 10, version 1909 (KB5004946)
- Windows 10, version 1809 and Windows Server 2019 (KB5004947)
- Windows 10, version 1803 (KB5004949)
- Windows 10, version 1607 and Windows Server 2016 (KB5004948)
- Windows 10, version 1507 (KB5004950)
- Windows Server 2012 (Monthly Rollup KB5004956 / Security only KB5004960)
- Windows 8.1 and Windows Server 2012 R2 (Monthly Rollup KB5004954 / Security only KB5004958)
- Windows 7 SP1 and Windows Server 2008 R2 SP1 (Monthly Rollup KB5004953 / Security only KB5004951)
- Windows Server 2008 SP2 (Monthly Rollup KB5004955 / Security only KB5004959)
Microsoft recommends users install this update on all compatible Windows client and server operating systems.
Additionally, you have the option to configure the RestrictDriverInstallationToAdministrators registry setting so that non-admins can’t install signed printer drivers on a print server. For additional information, you can see KB5005010.
Microsoft’s PrintNightmare security patch is unfinished
Even though Microsoft said the security update fixes the PrintNightmare vulnerability, security researchers have identified that the patch is unfinished and can be circumvented to perform both remote code execution and local privilege escalation while having the official fix installed.
Till any working patch from Microsoft is released, Windows users and admins are advised to do either one of the following steps:
- Don’t install the July 6th patch and instead install 0Patch’s micropatches.
- With the help of instructions disable the Print Spooler.
Meanwhile, CISA has also published a notification on the PrintNightmare zero-day previous week fostering security professionals to disable the Windows Print Spooler service on systems not utilized for printing.
Looking for more Windows news? Signup for our newsletter for the latest update.