Microsoft has issued an out-of-band patch to address a Windows Print Spooler vulnerability it dubs PrintNightmare (thanks, The Verge).
As Microsoft explains, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Microsoft has released patches not just for Windows 10 versions like 20H2 but also for Windows 8.1, Windows 7, and various Windows Server iterations. However, updates for Windows 10 version 1607, Windows Server 2016, and Windows Server 2012 are not yet available at the time of writing; Microsoft says they “will be released soon”.
The company added that security updates released on and after July 6 also contain measures against CVE-2021-1675, which it describes as being “similar but distinct” from PrintNightmare. Aside from that, a Microsoft Support post said the updates will restrict non-administrators to installing only signed print drivers on a print server. Additionally, the out-of-band update will cause delegates to “no longer be honored”.