Microsoft has released an out-of-band security update to patch a critical vulnerability that could enable threat actors to remotely take over vulnerable systems by exploiting weaknesses in the Windows printer service.
PrintNightmare created havoc when it was accidentally disclosed by Chinese security researchers who put out a proof-of-concept exploit thinking the vulnerability in Windows Print Spooler had already been patched by Microsoft.
The confusion was the result of Microsoft merging two bugs under a single CVE identifier (CVE-2021-1675) and then addressing only the less critical of the two issues in the patch released in June.
In any case, Microsoft has just patched the second RCE vulnerability as well, which is now tracked separately as CVE-2021-34527.
Sweet dreams
The PrintNightmare vulnerability exists in the Print Spooler, the service used to manage printers or print servers, which is enabled by default on all Windows machines.
By exploiting the vulnerability, an attacker could remotely execute code on a vulnerable system and elevate any low-privileged user account to that of an administrator.
Microsoft has put out different patches to address the PrintNightmare vulnerability for a wide array of Windows releases, from the old Windows 7 and Windows Server 2008 versions, up to the latest Windows 10 and Windows Server 2019.
However, cybersecurity researcher Kevin Beaumont has expressed doubts about the efficacy of the patches, particularly on Windows Server 2012 R2. He says that, according to his analysis, the patches fix the RCE vulnerability but fail to address the local privilege escalation bug “on some OSes in default config.”