Microsoft even patches Windows 7
Microsoft has started rolling out an emergency patch for Windows to address a serious flaw in the Windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was revealed last week, after security researchers mistakenly published Proof-of-Concept (PoC) exploit code. Microsoft released out-of-band security updates to address the flaw, categorizing it as critical as attackers could execute remote code with system-wide privileges on affected devices.
Since the Print Spooler service runs by default on Windows, Microsoft has had to release patches for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, and a variety of supported versions of Windows 10. Microsoft has even It took the unusual step of releasing patches for Windows 7, which officially fell out of support last year. Microsoft has not yet released patches for Windows Server 2012, Windows Server 2016, and Windows 10 version 1607. Microsoft says "Security updates for these versions of Windows will be released soon."
It took Microsoft a few days to issue a 0 day alert affecting all supported versions of Windows. The PrintNightmare vulnerability allows attackers to use remote code execution, so malicious actors can potentially install programs, modify data, and create new accounts with full administrator rights.
"We recommend that you install these updates immediately," Microsoft says. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare” documented in CVE-2021-34527.”
0 Comments