Microsoft Issues Emergency Windows Patch To Fix Critical ‘PrintNightmare’ Vulnerability
Tech giant Microsoft has released the KB5004945 emergency security update to fix the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions.
The vulnerability was revealed last week after security researchers accidentally published a proof-of-concept (PoC) exploit code.
Microsoft has issued out-of-band security updates to address the flaw and has rated it as critical as attackers can remotely execute code with system-level privileges on affected machines.
The remote code execution bug (tracked as CVE-2021-34527) allows attackers to take over affected servers via remote code execution (RCE) with SYSTEM privileges, as it will enable them to install programs, view, change, or delete data, and create new accounts with full user rights.
“We recommend that you install these updates immediately,” says Microsoft. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”
Microsoft has not yet issued patches for Windows Server 2012, Windows Server 2016, and Windows 10 Version 1607, though. Microsoft says “security updates for these versions of Windows will be released soon.