Microsoft has released patch KB5004945 to fix the Windows Print Spooler Print Nightmare vulnerability in the latest versions of Windows 10 along with patch KB5004946, KB500497, KB5004948, KB5004959, KB5004960, and KB5004951 for other versions of Windows that are also affected by the issue.
What is Print Nightmare?
The Print Nightmare security hole, which has been confirmed by Microsoft under the designation CVE-2021-34527, has been rampant on Windows computers in the past, through which attackers exploited a vulnerability in the print spooler service. After a successful attack, attackers could execute any code with system rights. Microsoft classified this gap as “critical” and immediately launched a patch that was supposed to get rid of the problem and that is now also available for all Windows versions .
Is Print Nighmare fixed?
The new security updates released by Microsoft, fixes Print Nightmare for Windows versions 7 and onwards. Read below to find related patch and download it to fix the Print Nightmare vulnerability on your computer. Some researchers say the latest print spooler patch can be bypassed. Microsoft fixed the remote-code execution (RCE) part of the problem, but the local privilege escalation (LPE) hole apparently stays.
A Microsoft spokesperson said that the company is aware of claims and are investigating, but at this time we are not aware of any bypasses. The spokesperson added: “We have seen claims of bypass where an administrator has changed default registry settings to an unsecure configuration. See CVE-2021-34527 guidance for more information on settings required to secure your system. If our investigation identifies additional issues, we will take action as needed to help protect customers.”
How was the Print Nightmare security hole discovered in the first place?
Microsoft closed a similar vulnerability in June. In anticipation of the Black Hat hacking conference, researchers published sample codes of how this vulnerability could be exploited. – Fatally, these exploit codes did not refer to the security gap that had already been closed, but to the new vulnerability. Although these codes have already been taken offline again, the internet does not forget anything.
Download patch to fix Print Nightmare vulnerability for Windows 7 and newer systems
- Windows 10, version 21H1 (KB5004945)
- Windows 10, version 20H1 (KB5004945)
- Windows 10, version 2004 (KB5004945)
- Windows 10, version 1909 (KB5004946)
- Windows 10, version 1809 and Windows Server 2019 (KB5004947)
- Windows 10 version 1803 (KB5004949)
- Windows 10, version 1607 and Windows Server 2016 (KB5004948)
- Windows 10 version 1507 (KB5004950)
- Windows Server 2012 (monthly add-on package KB5004956 / security only KB5004960)
- Windows 8.1 and Windows Server 2012 R2 (monthly add-on package KB5004954 / security only KB5004958)
- Windows 7 SP1 and Windows Server 2008 R2 SP1 (monthly add-on pack KB5004953 / security only KB5004951)
- Windows Server 2008 SP2 (monthly add-on package KB5004955 / security only KB5004959)
In the Windows message center, Microsoft states that “an update has been released for all affected versions of Windows that are still in support”.
The Microsoft fix released for recent #PrintNightmare vulnerability addresses the remote vector – however the LPE variations still function. These work out of the box on Windows 7, 8, 8.1, 2008 and 2012 but require Point&Print configured for Windows 2016,2019,10 & 11(?). 🤦♂️ https://t.co/PRO3p99CFo
— Hacker Fantastic (@hackerfantastic) July 6, 2021
The Print Nightmare vulnerability, with the key, CVE-2021-34527, is a critical** threat and is caused by the Print Queue Service not restricting access to the RpcAddPrinterDriverEx function, which can allow a malicious, remotely authenticated attacker to remotely execute code on your computer.
The problem is that this patch is incomplete, as security researchers have discovered that even with the patch, remote code execution and local privileges can still be obtained.
In this regard, as reported in Bleeping Computer, the 0patch blog has published small unofficial and free patches that do address the problem caused by PrintNightmare and can successfully block attempts to exploit the vulnerability.
In this sense and if you do not have any of these patches installed, it is advisable to follow the recommendations that we already saw at the time and that goes through disable the “Print Queue” service if you do not have a printer or if you have a printer, go to “Edit group policies”, select “Computer Configuration”, then click on “Administrative Templates”, select “Printers” and there disable the option “Allow the print job manager to accept client connections”.