Microsoft has released an out-of-band patch for the security flaw known as PrintNightmare that is under attack already and lets attackers take control of a PC.
The PrintNightmare bug is being tracked as CVE-2021-1675 and CVE-2021-34527. It’s a critical bug in the Windows print spooler with exploit code in the public domain before Microsoft had a chance to release a patch for it. Admins were advised to disable the Print Spooler service until a patch was made available.
The remote code execution vulnerability surfaces when the Windows Print Spooler service improperly performs privileged file operations, according to Microsoft.
“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” it warned in an advisory.
SEE: Network security policy (TechRepublic Premium)
Microsoft has now completed its investigation and released security updates to address the security bug.
“The security updates released on and after July 6, 2021 contain protections for a remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527, as well as for CVE-2021-1675,” Microsoft said.
“We recommend that you install these updates immediately,” Microsoft said.
The bug looks to be a serious concern at Microsoft, which has taken the rare step of releasing patches for Windows 7. That version of Windows reached the end of mainstream support on January 14, 2020.
Very occasionally Microsoft releases patches for unsupported versions of Windows. It did that for Windows XP in 2017 after the WannaCry ransomware attacks, which were blamed on North Korean hackers.
Windows 7 accounts for a smaller share of all Windows PCs out there today, but the numbers remained significantly large enough for Google to maintain Chrome support for Windows 7 until July 2021.
SEE: Ransomware: Paying up won’t stop you from getting hit again, says cybersecurity chief
However, some versions of Windows will get patches at a later date.
“Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012. Security updates for these versions of Windows will be released soon,” Microsoft noted.
It’s also published queries that security teams who use Microsoft 365 Defender can use to hunt down exploits for the print spooler vulnerability.