Microsoft has released a security patch for the PrintNightmare vulnerability in Windows. The emergency patch addresses PrintNightmare, a set of two remote code-execution (RCE) vulnerabilities in the Windows Print Spooler service. The vulnerabilities could have allowed hackers to take over the affected system. However, according to the federal government, more fixes are needed before all affected Windows systems are protected from the bug.
On July 6, Microsoft released an out-of-band update for many versions of Windows to address CVE-2021-34527, one of the two bugs. The bug was initially thought to be just one flaw, and security researchers later dubbed it PrintNightmare. However, according to a CISA advisory, the recent fix addresses only PrintNightmare's RCE variants and does not address the local privilege escalation (LPE) variant. In addition, the updates do not include Windows Server 2016 or Windows 10 version 1607. According to CERT/CC, these versions will be patched in the future. After providing the emergency patch, Microsoft recommended that users install the updates as soon as possible.
The PrintNightmare saga started when a proof-of-concept exploit for the vulnerability, at that time tracked as CVE-2021-1675, was dropped on GitHub. It showed how attackers could take advantage of the vulnerability and control the affected system. In response, Microsoft released an emergency patch for the vulnerability. It was earlier thought to be a minor elevation-of-privilege (EoP) vulnerability, but researchers later figured out that it could be used for RCE.
Multiple Print Spooler Vulnerabilities
Over the years, numerous Print Spooler vulnerabilities have been found. In 2020 in particular, Microsoft has been more vocal and aggressive about the growing need for security. It has also urged businesses to move from on-premises infrastructure toward the cloud. On July 6, hackers tried to use IT distributor Synnex to access customer applications stored within the Microsoft cloud environment.
Mike Wilson, chief technology officer at Interlink Cloud Advisors, said that Microsoft acted quickly on the patch. He added that the patch was extremely important because the vulnerability might have affected all Windows versions. The vulnerability could have led to a ransomware attack and malware embedding. Wilson also said that Microsoft's transparency in acknowledging the vulnerability and its steps to mitigate it by providing an emergency patch are its biggest strengths as a partner.