Windows users should install Microsoft’s emergency patch for the “PrintNightmare” vulnerability, the software giant is recommending, after acknowledging last week that the critical software flaw was being actively exploited. At the time, Microsoft admitted, it had no simple fix for the problem, which could allow hackers to remotely take control of a PC, install their own code, and delete legitimate user data.
The exploit relies on an issue identified with the Windows Print Spooler service, which handles printer job management. “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” Microsoft explained.
“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges,” the software company conceded. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
A fix was in development, Microsoft said, but the temporary workaround was to disable the Windows Print Spooler service. That, of course, would have a knock-on impact on people actually being able to print via that PC. Now, though, there’s a fix for PrintNightmare – at least for some systems.
“Microsoft has completed the investigation and has released security updates to address this vulnerability,” the company confirmed in its advisory for CVE-2021-34527. “We recommend that you install these updates immediately.”
At the moment, there are patches for multiple versions of Windows. That includes Windows 10 both for home and enterprise PCs; Windows Server 2019, 2012, and 2008; Windows 8.1 and Windows RT 8.1; and Windows 7.
Once installed, there’ll be new limits on how print drivers can be loaded. Most notably, non-administrators will only be able to install signed print drivers to a print server; you’ll need to have administrator privileges to install unsigned drivers.
However, not every system has a patch available yet. “Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012,” Microsoft points out. “Security updates for these versions of Windows will be released soon.”
PrintNightmare is notable for its potential scope. “All versions of Windows are vulnerable,” Microsoft acknowledges. “Supported versions of Windows that do not have security updates available on July 6 will be updated shortly after July 6.”
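
For systems still waiting on an update, the temporary workaround described above (disabling the Windows Print Spooler service) can be applied and verified from an elevated PowerShell session. This is an added example, not code from Microsoft or from the original article; the function name `Disable-PrintSpoolerWorkaround` is hypothetical, and it assumes PowerShell 5.1 or later so that `Get-Service` exposes `StartType`.

```powershell
#Requires -RunAsAdministrator
# Added example: stop and disable the Print Spooler on a host that has no patch yet.
# Disable-PrintSpoolerWorkaround is a hypothetical helper name, not a built-in cmdlet.
function Disable-PrintSpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Spooler service is not installed on this host; nothing to do.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Present = $false
            Status = $null; StartType = $null; Changed = $false
        }
    }

    $changed = $false
    # Only act when the service is running or could be started again.
    if ($svc.Status -ne 'Stopped' -or $svc.StartType -ne 'Disabled') {
        $action = 'Stop and disable Print Spooler (printing from this host will stop working)'
        if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, $action)) {
            # -Force also stops services that depend on the spooler.
            Stop-Service -Name Spooler -Force -ErrorAction Stop
            # Disabling the start type keeps it off across reboots.
            Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
            $changed = $true
        }
    }

    # Re-read the service so the report reflects the state after the change.
    $svc = Get-Service -Name Spooler
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Present   = $true
        Status    = $svc.Status
        StartType = $svc.StartType
        Changed   = $changed
    }
}

# Preview what would change without touching the service.
Disable-PrintSpoolerWorkaround -WhatIf

# Once the security update is installed, printing can be restored with:
#   Set-Service -Name Spooler -StartupType Automatic; Start-Service -Name Spooler
```

Running the function without `-WhatIf` prompts for confirmation before it stops the service; the returned object shows whether the spooler ended up `Stopped` and `Disabled`.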