PrintNightmare Fixes are now Available

Patches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.  With these, Microsoft (MS) has released patches to protect all versions of Windows against the critical PrintNightmare flaw.  MS had recently deployed fixes covering most but not all editions of Windows, and it has now patched the remaining versions, according to an update on its message center page.

Newly patched as of 7 July are Windows 10 version 1607, all editions of Windows Server 2012 (including Server Core) and all editions of Windows Server 2016 (including Server Core).  This means that all 40 versions of Windows now have a patch for this flaw, including ones no longer supported by MS, such as Windows 7 and Windows Server 2008.[1]

Pushing out patches for all versions of Windows, even unsupported ones, shows how serious MS considered this vulnerability.  As another sign, the company deployed the patch as an out-of-band update, choosing not to wait to roll it out.

Just today (13 July), a new emergency directive from the US Cybersecurity and Infrastructure Security Agency (CISA) orders all US federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by 16 July 2021.  CISA issued Emergency Directive 21-04 after MS released security updates on Friday to address an actively exploited Print Spooler vulnerability (PrintNightmare) in all supported Windows versions.[2]

To begin, open the Start Menu and click the Settings icon on the left side of your screen.  This opens the Windows 10 Settings app, where you need to click Update & Security followed by ‘Check for Updates.’ Windows 10 will then begin checking for updates.  This should already be a routine if you use MS products.

If you are using the latest version of Windows, which covers the May 2021 Update (21H1) to the May 2020 Update (20H1), you will need to make sure you see KB5004945 listed in Windows Update to fix PrintNightmare.  This is the automatic patch for Windows 10 Home, Pro, and other versions of Windows 10 that addresses the issue.

Let Windows 10 download the update and install it in the background.  After a few minutes, you will be prompted to restart your computer with the Restart Now button. Once you restart, the patch installation will be complete.

All individual users should check Windows Update to download and install the patch for their version of Windows, while organizations should deploy the update through their patch management system. The updates are also available by searching the Microsoft Update Catalog for the specific Knowledge Base number for your version of Windows and by using the Windows Server Update Services (WSUS).
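For organizations that push the update through patch management, the following added example (not code from the article or from Microsoft) checks whether the KB is present on each host and whether the Print Spooler service is running. The function name `Get-PrintNightmarePatchStatus` is hypothetical, and remote queries assume WinRM is enabled on the target hosts.

```powershell
# Added example; Get-PrintNightmarePatchStatus is a hypothetical helper name.
function Get-PrintNightmarePatchStatus {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # KB5004945 is the KB this article names for Windows 10 20H1 through 21H1.
        # For other Windows versions, pass the KB listed in the Microsoft Update Catalog.
        [ValidatePattern('^KB\d+$')]
        [string]$KbId = 'KB5004945'
    )
    foreach ($computer in $ComputerName) {
        # Query the local machine directly; remote hosts go over WinRM (assumed enabled).
        $hotfixQuery  = @{ ClassName = 'Win32_QuickFixEngineering'
                           Filter = "HotFixID='$KbId'"; ErrorAction = 'Stop' }
        $spoolerQuery = @{ ClassName = 'Win32_Service'
                           Filter = "Name='Spooler'"; ErrorAction = 'Stop' }
        if ($computer -ne $env:COMPUTERNAME) {
            $hotfixQuery.ComputerName  = $computer
            $spoolerQuery.ComputerName = $computer
        }
        try {
            $hotfix  = Get-CimInstance @hotfixQuery
            $spooler = Get-CimInstance @spoolerQuery
            [pscustomobject]@{
                ComputerName = $computer
                KbId         = $KbId
                KbInstalled  = [bool]$hotfix
                SpoolerState = $spooler.State      # Running / Stopped
                SpoolerStart = $spooler.StartMode  # Auto / Manual / Disabled
                # KB not listed while the Print Spooler is running: first in line to patch.
                NeedsUpdate  = (-not $hotfix) -and ($spooler.State -eq 'Running')
                Error        = $null
            }
        }
        catch {
            # Unreachable or access-denied hosts are reported, not silently skipped.
            [pscustomobject]@{
                ComputerName = $computer; KbId = $KbId; KbInstalled = $null
                SpoolerState = $null; SpoolerStart = $null; NeedsUpdate = $null
                Error        = $_.Exception.Message
            }
        }
    }
}

# With no arguments this checks the local machine; pass -ComputerName with your
# own inventory list to audit several hosts at once.
Get-PrintNightmarePatchStatus | Format-Table -AutoSize
```

A host that already carries a later cumulative update may not list this KB, so treat `KbInstalled = False` as a prompt to review the host's update history, not as proof that it is unpatched.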

Fixing this particular problem with the Windows Print spooler service was complicated because MS had to patch two different flaws.  Known as CVE-2021-1675, the first flaw was patched through Microsoft's June 2021 security updates.  But that still left a second and more serious flaw.  Titled CVE-2021-34527 and nicknamed PrintNightmare, the second vulnerability concerned an issue in RpcAddPrinterDriverEx(), a function that allows users to install or update a printer driver.  If exploited by an attacker, this one would have allowed them to take over a compromised computer to install software, modify data and create new user accounts.

The security updates released on 6 & 7 July 2021 include fixes for both flaws.  Anyone unable to install the updates is advised to check the FAQ section in CVE-2021-34527 for steps on protecting their systems.  Information on installing new printer drivers after applying the update is accessible in Microsoft's KB5005010 support document.  MS has a robust cyber security unit and this proves they stand behind their products. 

Red Sky Alliance is in New Boston, NH USA and we are proud to be helping in the overall cyber defense posture.  We are a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.

Interested in a RedXray subscription to see what we can do for you?  Sign up here: https://www.wapacklabs.com/RedXray   

[1] https://www.techrepublic.com/article/microsoft-patches-remaining-versions-of-windows-against-printnightmare-flaw/

[2] https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-patch-windows-printnightmare-bug/
