Microsoft issues critical security update to patch PrintNightmare vulnerability
What's the story
Microsoft was recently notified of a critical zero-day vulnerability on all computers running recent versions of Windows. The vulnerability dubbed PrintNightmare allowed bad actors to remotely execute code on the victims' computers with full administrator rights. The Silicon Valley giant has finally issued an emergency Windows patch for many versions of Windows, including the now-retired Windows 7. Here are the important details.
Zero-day vulnerability
Microsoft called PrintNightmare a 'critical' vulnerability
The vulnerability has been identified in the Windows Print Spooler service that interfaces your computer with a connected printer and orders the print commands in a queue. Anyone could exploit this zero-day vulnerability to run code, install programs, modify data, and create new accounts on the victim's computer. Microsoft suggests disabling the service until you install the emergency patch.
PoC on GitHub
PrintNightmare zero-day vulnerability was accidentally discovered by Sangfor security researchers
The cybersecurity vulnerability uniquely identifiable by its CVE-ID: CVE-2021-34527 was accidentally discovered by security researchers at Sangfor Technologies earlier this week when they accidentally published a proof-of-concept (PoC) exploit. Although the code was subsequently deleted, it made its way to GitHub, a popular coders' repository. Microsoft warned that the vulnerability is being actively exploited since the Print Spooler service runs by default on Windows.
Details
Update issued for many versions of Windows, including Windows 7
Microsoft was forced to issue out-of-band security updates for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, and multiple versions of Windows 10. Microsoft even issued an update for Windows 7. This is highly unusual because the company had already announced that Window 7 will no longer receive security patches and updates.
Lethal capabilities
Print Spooler vulnerability was also used by Stuxnet virus
The PrintNightmare vulnerability patch updates for Windows Server 2012, Windows Server 2016, and Windows 10 version 1607 are yet to be released. Microsoft advised all Windows users to immediately install updates so bad actors don't use the PrintNightmare vulnerability. The updates were released on July 6. A separate Print Spooler vulnerability was used by the Stuxnet virus to destroy several Iranian nuclear centrifuges.