Microsoft issues update with partial fix for Windows PrintNightmare exploit

The update fixes the remote code execution portion of the vulnerability, but the flaw could still be exploited locally

Almost a week after Microsoft issued a warning about a new Windows security vulnerability dubbed ‘PrintNightmare,’ the company has released an emergency patch to protect users.

PrintNightmare leverages vulnerabilities in the Windows Print Spooler service, software installed on all versions of Windows that helps handle printing jobs. Microsoft issued the warning after researchers accidentally published details about the vulnerability — the researchers mistook it for a different Print Spooler flaw that Microsoft had patched.

The PrintNightmare security flaw could allow attackers to remotely execute code on a Windows device with system-level privileges. The vulnerability includes two issues — a remote code execution and a local privilege escalation. The former refers to the ability for an attacker to execute commands on a system remotely. The latter refers to exploiting a bug, flaw or other issue to escalate an app’s privilege (i.e., from a ‘user’ to an ‘admin’).

Bleeping Computer notes that Microsoft’s ‘KB5004945’ emergency security update partially fixes PrintNightmare. According to the publication, Microsoft’s patch fixes the remote exploit, but the vulnerability could still be exploited locally to gain system privileges.

The security patch is available for the following Windows versions (note that some have different update versions, specified below):

  • Windows 10 versions 21H1, 20H1, 2004 (KB5004945)
  • Windows 10 version 1909 (KB5004946)
  • Windows 10 version 1809 and Windows Server 2019 (KB5004947)
  • Windows 10, version 1803 (KB5004949) [Not available yet]
  • Windows 10, version 1507 (KB5004950)
  • Windows 8.1 and Windows Server 2012 (Monthly Rollup KB5004954 / Security only KB5004958)
  • Windows 7 SP1 and Windows Server 2008 R2 SP1 (Monthly Rollup KB5004953 / Security only KB5004951)
  • Windows Server 2008 SP2 (Monthly Rollup KB5004955 / Security only KB5004959)

For most Windows users, getting the update will be as simple as opening the Settings app > Update & Security > Windows Update and clicking the ‘Check for updates’ button. Keep an eye out for a ‘Cumulative Update’ labelled ‘KB5004945’ (or one of the other KB numbers listed above if you’re running an older version of Windows).

Source: Bleeping Computer