Microsoft has released an emergency patch that fixes the PrintNightmare vulnerability. The serious bug was in the Windows Print Spooler feature and allowed remote code executions. The patch still allows local exploitation of the bug.
Microsoft released the update out of band , so outside of Patch Tuesday. It is a patch for a vulnerability that has the code CVE-2021-34527 and is also known as PrintNightmare. The leak was actively exploited after it was discovered last week.
The patch is KB5004945 for Windows 10 versions 2004, 20H1, and 21H1. A different KB patch is available for older versions of Windows 10, including versions 1809 and 1507. Patches are also available for Windows Server 2019 and for older versions of Windows and Windows Server, including KB5004954 for Windows 8.1 and Windows Server 2012, and KB5004953 for Windows 7 and Windows Server 2008 R2. There are currently no patches for Windows 10 1607 or for Windows Server 2016 and 2021. Those will follow later.
The patch does not fix every part of PrintNightmare. The vulnerability made it possible to perform remote code execution . The KB updates have now resolved that issue. At the same time, security researcher Hacker Fantastic notes that despite the patch, it is still possible to perform a local privilege escalation . To prevent this, users can disable the Point&Print functionality. In addition, Microsoft already published a workaround last week to disable Print Spooler to prevent exploitation.
