Update this critical Windows printer system now, or face attack

Windows Print Spooler vulnerability unintentionally disclosed

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsofthas released an out-of-band security update to patch a critical vulnerability that could enable threat actors to remotely take over vulnerable systems by exploiting weaknesses in the Windowsprinterservice.

PrintNightmare created havoc when it wasaccidentally disclosedby Chinese security researchers who put out a proof-of-concept exploit thinking the vulnerability in Windows Print Spooler had already been patched by Microsoft.

The confusion was the result of Microsoft merging two bugs into one security indicator (CVE-2021-1675) and then addressing only the less critical of the two issues in the patch released in June.

In any case, Microsoft hasjust patchedthe second RCE vulnerability as well, which is now tracked separately as CVE-2021-34527.

Sweet dreams

The PrintNightmare vulnerability exists in the Print Spooler, which is used to manageprintersor print servers, and is enabled by default on all Windows machines and the service.

Exploiting the vulnerability, an attacker could remotely execute code on a vulnerable system and elevate any low privileged user account to that of an administrator.

Microsoft has put out different patches to address the PrintNightmare vulnerability for a wide array of Windows releases, from the oldWindows 7and Windows Server 2008 versions, up to the latestWindows 10and Windows Server 2019.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

However,cybersecurityresearcher Kevin Beaumont hasexpressed doubtson the efficacy of the patches, particularly onWindows Server 2012 R2. He says according to his analysis of the patches, they fix the RCE vulnerability, but fail to address the local privilege escalation bug “on some OSes in default config.”

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs

Anker Nebula Mars 3 review: A powerful and truly portable projector