Microsoft: PrintNightmare Now Patched on All Windows Versions

Microsoft has released the KB5004948 emergency security update to address the Windows Print Spooler PrintNightmare vulnerability on all editions of Windows 10 1607 and Windows Server 2016.

“An update has now been released for all affected versions of Windows that are still in support,” Microsoft said in the Windows message center.

The PrintNightmare bug tracked as CVE-2021-34527 enables attackers to take over affected servers via remote code execution (RCE) with SYSTEM privileges.

Detailed steps on how to install these out-of-band security updates are available in the support documents linked below:

• Windows 10, version 21H1 (KB5004945)
• Windows 10, version 20H1 (KB5004945)
• Windows 10, version 2004 (KB5004945)
• Windows 10, version 1909 (KB5004946)
• Windows 10, version 1809 and Windows Server 2019 (KB5004947)
• Windows 10, version 1803 (KB5004949)
• Windows 10, version 1607 and Windows Server 2016 (KB5004948)
• Windows 10, version 1507 (KB5004950)
• Windows Server 2012 (Monthly Rollup KB5004956 / Security only KB5004960)
• Windows 8.1 and Windows Server 2012 R2 (Monthly Rollup KB5004954 / Security only KB5004958)
• Windows 7 SP1 and Windows Server 2008 R2 SP1 (Monthly Rollup KB5004953 / Security only KB5004951)
• Windows Server 2008 SP2 (Monthly Rollup KB5004955 / Security only KB5004959)

Also Read: 3 Reasons Why You Must Take PDPA Singapore Course

“Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role,” the company added.

“You also have the option to configure the RestrictDriverInstallationToAdministrators registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.”

Microsoft’s PrintNightmare security patch is incomplete

While Microsoft says these security updates address the PrintNightmare vulnerability, security researchers have discovered that the patch is incomplete and it can be bypassed to achieve both remote code execution and local privilege escalation with the official fix installed.

However, 0patch has released free PrintNightmare micropatches on Friday that can sucessfully block attempts to exploit the vulnerability.

Windows users and admins are recommended to do one of the following until a working patch from Microsoft is released:

• Do not install the July 6th patch and install 0Patch’s micropatches instead.
• Disable the Print Spooler using the instructions here.

CISA has also published a notification on the PrintNightmare zero-day last week encouraging security professionals to disable the Windows Print Spooler service on systems not used for printing.

Also Read: The Difference Between GDPR and PDPA Under 10 Key Issues

BleepingComputer has reached out to Microsoft regarding these security updates but has not heard back at this time.