Microsoft has started rolling out an emergency Windows patch to address a critical flaw that was found in the Windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was revealed last week after security researchers published proof-of-concept exploit code. Microsoft has now issued an out-of-band security update to address the flaw, and has rated the threat as “critical" since attackers can remotely execute code with system-level privileges on affected machines. The Print Spooler service runs by default on Windows, that is why Microsoft had to issue patches for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, and a variety of supported versions of Windows 10.
Microsoft is even issuing patches for Windows 7, which officially went out of support last year. Microsoft has not yet issued patches for Windows Server 2012, Windows Server 2016, and Windows 10 Version 1607. Microsoft says that security updates for these versions of Windows will be released soon. The PrintNightmare vulnerability allows attackers to use remote code execution, so bad actors could potentially install programs, modify data, and create new accounts with full admin rights. It also includes a local privilege escalation vector that can be abused in attacks to run commands with SYSTEM privileges on targeted Windows machines.
“The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527," Microsoft said.