Microsoft closes PrintNightmare vulnerability in Windows

Microsoft has released security patches for a “critical” vulnerability that affects all Windows versions. Since attackers are already actively exploiting it, admins should act quickly and install the patches.

Microsoft has linked the updates in an updated advisory, which also includes an FAQ on security issues. Because of the severity of the vulnerability, dubbed PrintNightmare (CVE-2021-34527), there are even patches for Windows 7. However, not all Windows versions have been covered yet: according to Microsoft, the patches for Windows 10 version 1607, Windows Server 2016 and Windows Server 2012 are to follow promptly. The vulnerability affects the print spooler service, which is active by default. Admins of computers for which security updates are not yet available should protect systems from attacks using workarounds (German language). For example, deactivating the print spooler service protects systems. After that, however, it is no longer possible to print locally or via the network.
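The spooler workaround mentioned above can be applied from an elevated PowerShell session as sketched below. This is an added example, not code from Microsoft or from the original article; the function name `Disable-PrintSpooler` is hypothetical, and the sketch assumes PowerShell 3.0 or later.

```powershell
# Added example: stop and disable the Print Spooler on a host that cannot be patched yet.
# Run from an elevated session. Disable-PrintSpooler is a hypothetical helper name.
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Record the current state so the change can be reverted once the patch is installed.
    $before = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $before) { throw 'Spooler service not found on this host.' }

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable the Print Spooler service')) {
        # -Force also stops services that depend on the spooler.
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        # Disabling the start type keeps the service from coming back after a reboot.
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }

    # Re-query and return before/after values for the change log.
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        StateBefore     = $before.State
        StartModeBefore = $before.StartMode
        StateAfter      = $after.State
        StartModeAfter  = $after.StartMode
    }
}

Disable-PrintSpooler -WhatIf   # preview only, changes nothing
Disable-PrintSpooler           # apply; expect StateAfter 'Stopped', StartModeAfter 'Disabled'
```

To revert after patching, set the start type back to the recorded `StartModeBefore` value and start the service again.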

Authenticated attackers could plant a driver rigged with malicious code on Windows systems. If an attack succeeds, they could execute malicious code with SYSTEM privileges, which amounts to a complete compromise of the system. If attacks on domain controllers are successful, attackers could spread across networks and infect the computers there with malware. In addition, Microsoft advises Windows users to close a similar printer vulnerability (CVE-2021-1675, “high”). The security updates for it have been available since Patch Day in June.

Source: Heise