• Ryan Jaynes

Patch Required IMMEDIATELY to Mitigate PrintNightmare Vulnerability in Windows

A major security vulnerability was discovered in the Windows Print Spooler Service, which is used by all Windows computers to print. This vulnerability was discovered last week, and Microsoft has issued emergency out-of-band updates for its operating systems. The flaw can allow an attacker to remotely execute commands on your computer with system-level permissions, which basically means they can control all aspects of the operating system.

The Print Spooler service runs by default on all Windows OSes, as it is required to print. Microsoft has released emergency patches for all supported operating systems, but has also released patches for Windows 7 and Server 2008 systems as well. The vulnerability is documented as CVE-2021-34527, which is commonly known as "PrintNightmare".

If you are using a currently supported version of Windows (8.1 or above) or Windows Server (2012 or above), you should be able to download the patch through Windows Update. It shows up as "2021-07 Cumulative Update for Windows 10 Version 21H1 for x64-bit based Systems (KB5004945)", or whatever version of Windows you use. You can also view your Update history to see if KB5004945* has been installed.

*This KB number may be different depending on your version of Windows. But the "2021-07" piece at the beginning tells you this is the cumulative update for July, 2021. It will be in the KB50049nn range. Figure 1 below shows the update for Server 2012 R2 is KB5004958, for example.

Figure 1

If you are using an unsupported version of Windows or Windows Server, you can use the link below to download the patch directly from Microsoft's Security Response Center website, or MSRC. There, you can scroll most of the way down the page to the "Security Updates" section, which has a table of the versions of Windows where a patch is available. To the right under the "Download" column, you can download the Monthly Rollup or Security Only version of the patch to install your system. The Monthly Rollup version contains additional security fixes and is recommended.

The link is: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

If you are unsure what version of Windows you are using, there are a couple of ways to tell. Try right-clicking your Start button. If there is an item called "System", clicking it will show you the version and bit level of Windows (Figure 2). Otherwise, Left-click the Start button, then Right-click "Computer", and select Properties. This will bring up the System Control Panel and will show you the version of Windows and bit level so you know which patch to apply at the link above (Figure 3)

Figure 2

Figure 3

It is also recommend to disable the Print Spooler service on domain controllers and servers that are not involved in print functions.

If you require any assistance checking or patching systems, please contact My NetWORKS so we can work on a plan to assist you.

11 views0 comments

Recent Posts

See All