 |
| Microsoft releases important fixes for Windows |
Microsoft has started providing an emergency patch to Windows to fix a critical error in the Windows Print Spooler service.
After security researchers accidentally published proof-of-concept code, this vulnerability, known as PrintNightmare, was exposed last week.
The researcher posted a proof-of-concept loophole on Sangfor that appears to be a bug or misunderstanding between the researcher and Microsoft. The test code was quickly removed. But it's on GitHub now.
Sangfor researchers plan to describe several vulnerabilities in the Windows print spooler service at Black Hat's annual security conference later this month.
Researchers seem to believe that Microsoft has addressed this vulnerability. I did this after the company released a fix for one bug in the Windows print spooler.
Microsoft has released an out-of-band security update to address this vulnerability. I think this is important because an attacker can execute code remotely with system-wide permissions on the affected machine.
Since the Print Spooler service runs on Windows by default, Microsoft must release hotfixes for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, and various supported versions of Windows 10.
Microsoft is working to fix a PrintNightmare vulnerability
Microsoft took the unusual step of releasing a patch for Windows 7, and support for the patch officially ended last year.
Microsoft has not released any fixes for Windows Server 2012, Windows Server 2016, and Windows 10 version 1607.
The software giant said: Security updates for these versions of Windows will be released soon.
It took Microsoft several days to issue warnings about vulnerabilities affecting all supported versions of Windows.
The vulnerability in PrintNightmare could allow an attacker to use remote code execution. As a result, the attacker will most likely install programs, modify data, and create a new account with full administrative rights.
The company stated that we recommend that you install these updates immediately. Security updates released on or after July 6, 2021 include CVE-2021-1675 protection and an additional remote code execution vulnerability in the Windows Print Spooler service called PrintNightmare, which is documented in CVE-2021-34527.