Microsoft has released security updates for Windows users to patch a security flaw impacting the Windows Print Spooler service. The vulnerability called “PrintNightmare,” that was once discovered final week, allows attackers to remotely implement malicious code with system privileges and install programs, make changes in the existing programs, and create new accounts with full user rights. Microsoft has brought the emergency patch for all major Windows versions — starting from Windows 7 to Windows 10. Windows Server users have also been given with particular security updates to fix the critical flaw.
The list of Windows versions that have received the security updates to patch the PrintNightmare vulnerability comprises Windows Server 2004, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows 7, Windows RT 8.1, Windows 8.1, and Windows 10. Microsoft said that the updates contain protections for the issue that has been recorded as CVE-2021-34527.
Since the Windows Print Spooler service exists on all Windows versions, the vulnerability has impacted all Windows machines. Alternatively, the security updates list is currently limited to a couple of versions to begin with. Microsoft said that it would update the remaining Windows versions soon.
Meantime, users on a Windows machine that is yet to get the security fix are beneficial to manually disable the Print Spooler service or disable inbound remote printing. The Print Spooler can also be disabled by passing the “Stop-Service -Name Spooler -Force” and “Set-Service -Name Spooler -StartupType Disabled” commands through PowerShell.
Inbound remote printing, however, can also be disabled by going to Computer Configuration > Administrative Templates > Printers and switching off the Allow Print Spooler to accept client connections option. You want to restart the Print Spooler service for the change to take effect.
The PrintNightmare flaw was once reported by researchers at Chinese cybersecurity firm Sangfor Technologies final week. It is referred to as a remote code execution vulnerability which may be exploited to run arbitrary malicious code with system privileges. The flaw exists when the Windows Print Spooler service improperly performs privileged dossier operations, Microsoft explained.