Articles Microsoft releases unscheduled patch for PrintNightmare vulnerability

Microsoft releases unscheduled patch for PrintNightmare vulnerability


Microsoft has prepared an emergency patch for a critical PrintNightmare bug recently discovered in Windows Print Spooler (spoolsv.exe).

A lot of confusion has arisen around the PrintNightmare issue, as Microsoft initially combined two vulnerabilities under one identifier (CVE-2021-1675). But the official patch released in June only fixed part of the problem, leaving a critical RCE bug unpatched. Because of this, at the end of June, a group of Chinese researchers accidentally published their PoC exploit for this vulnerability, believing that the problem had already been fixed.

The exploit code was quickly removed from GitHub, but it still leaked online, and the information security community discovered that a dangerous RCE vulnerability in Windows Print Spooler was still relevant. As a result, to clear up the misunderstanding, Microsoft assigned the second error a separate identifier CVE-2021-34527, and also confirmed that the problem allows remote execution of arbitrary code with SYSTEM privileges and allows an attacker to install programs, view, modify or delete data, as well as create new ones. accounts with user rights.

The company has now published unscheduled patches for PrintNightmare, but the fixes are still incomplete as the vulnerability can still be exploited locally to gain SYSTEM privileges.

The fixes are already available for the following operating systems:

The patches for Windows 10 1607, Windows Server 2016 and Windows Server 2012 are not yet ready, but, according to Microsoft, will be released soon.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you