Microsoft has released security updates for Windows users to patch a security flaw impacting the Windows Print Spooler service. The vulnerability called “PrintNightmare,” that was discovered last week, allows attackers to remotely execute malicious code with system privileges and install programs, make changes in the existing programs, and create new accounts with full user rights. Microsoft has brought the emergency patch for all major Windows versions — starting from Windows 7 to Windows 10. Windows Server users have also been provided with specific security updates to fix the critical flaw.
The list of Windows versions that have received the security updates to patch the PrintNightmare vulnerability comprises Windows Server 2004, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows 7, Windows RT 8.1, Windows 8.1, and Windows 10. Microsoft said that the updates contain protections for the issue that has been recorded as CVE-2021-34527.
Since the Windows Print Spooler service exists on all Windows versions, the vulnerability has impacted all Windows machines. However, the security updates list is currently limited to a few versions initially. Microsoft said that it would update the remaining Windows versions soon.
Meanwhile, users on a Windows machine that is yet to receive the security fix are recommended to manually disable the Print Spooler service or disable inbound remote printing. The Print Spooler can be disabled by passing the “Stop-Service -Name Spooler -Force” and “Set-Service -Name Spooler -StartupType Disabled” commands through PowerShell.
Inbound remote printing, on the other hand, can be disabled by going to Computer Configuration > Administrative Templates > Printers and switching off the Allow Print Spooler to accept client connections option. You need to restart the Print Spooler service for the change to take effect.
The PrintNightmare flaw was reported by researchers at Chinese cybersecurity firm Sangfor Technologies last week. It is known as a remote code execution vulnerability that could be exploited to run arbitrary malicious code with system privileges. The flaw exists when the Windows Print Spooler service improperly performs privileged file operations, Microsoft explained.