Earlier last week, Microsoft acknowledged that it was investigating a critical vulnerability in Windows 10 that when exploited could let attackers run arbitrary code on the victim’s system. The vulnerability, tracked under CVE-2021-34527, is present in the Windows Print Spooler service and is termed print "PrintNightmare" that can allow for remote code execution (RCE). As the vulnerability was still being investigated, the Redmond firm listed two possible workarounds to mitigate the risks caused by the bug.
Today, the firm has provided an update in the Microsoft Security Response Center (MSRC) listing for the vulnerability noting that it is rolling out a patch for the latest Windows 10 versions to address the issue. The update, KB5004945, is currently rolling out to the three most recent Windows 10 versions, 2004, 20H2, and 21H1, bumping them to Windows 10 builds 19041.1083, 19042.1083, and 19043.1083, respectively. Since these versions are based on the same codebase, the updates are identical for all the versions. The changelog and documentation for the update are yet to go live.
Considering that these are security updates to fix a critical vulnerability, they are mandatory updates and are downloaded automatically through Windows Update. Users can also manually download the patch from the Update Catalog here. Future patches, such as the upcoming Patch Tuesday updates, will contain these fixes.
There is no word from the firm on how the vulnerability affects older versions of the OS, though it notes that it has completed the investigation of the issue. The updates today are only rolling out to the three most recent and fully supported Windows 10 versions, but it will not be surprising to see a patch being made available for older versions still being supported for Enterprise and Education customers sooner, as the firm notes that supported Windows versions that do not receive an update today will get one "shortly after July 6".
For those unaware, the PrintNightmare vulnerability is caused by the Print Spooler service not restricting access to a function that is used to install printer drivers remotely. An attacker that gains unrestricted access can execute arbitrary code with SYSTEM privileges, examples of which are already available on the web. Considering the severity of the vulnerability, it is best for all users to update to the latest build as soon as possible.
Update: The patches are available for most supported Windows 10, Windows 8.1, and Windows 7 (ESU users). You can either update via Windows Update, or head to the MSRC document to find links to the requisite Update Catalog pages. The company has also provided the KB article links, but as is the case these days, those pages are yet to be updated. Windows 10 version 1607, Windows Server 2012, and Windows Server 2016 are yet to receive updates.
Here is the complete list of links posted by the firm:
Product | Severity | Article | Download |
---|---|---|---|
Windows Server 2012 R2 (Server Core installation) | Critical | 5004954 | Monthly Rollup |
Windows Server 2012 R2 (Server Core installation) | Critical | 5004958 | Security Only |
Windows Server 2012 R2 | Critical | 5004954 | Monthly Rollup |
Windows Server 2012 R2 | Critical | 5004958 | Security Only |
Windows Server 2012 (Server Core installation) | Critical | ||
Windows Server 2012 | Critical | ||
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Critical | 5004953 | Monthly Rollup |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Critical | 5004951 | Security Only |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Critical | 5004953 | Monthly Rollup |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Critical | 5004951 | Security Only |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Critical | 5004955 | Monthly Rollup |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Critical | 5004959 | Security Only |
Windows Server 2008 for x64-based Systems Service Pack 2 | Critical | 5004955 | Monthly Rollup |
Windows Server 2008 for x64-based Systems Service Pack 2 | Critical | 5004959 | Security Only |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Critical | 5004955 | Monthly Rollup |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Critical | 5004959 | Security Only |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Critical | 5004955 | Monthly Rollup |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Critical | 5004959 | Security Only |
Windows 8.1 for x64-based systems | Critical | 5004954 | Monthly Rollup |
Windows 8.1 for x64-based systems | Critical | 5004958 | Security Only |
Windows 8.1 for 32-bit systems | Critical | 5004954 | Monthly Rollup |
Windows 8.1 for 32-bit systems | Critical | 5004958 | Security Only |
Windows 7 for x64-based Systems Service Pack 1 | Critical | 5004953 | Monthly Rollup |
Windows 7 for x64-based Systems Service Pack 1 | Critical | 5004951 | Security Only |
Windows 7 for 32-bit Systems Service Pack 1 | Critical | 5004953 | Monthly Rollup |
Windows 7 for 32-bit Systems Service Pack 1 | Critical | 5004951 | Security Only |
Windows Server 2016 (Server Core installation) | Critical | ||
Windows Server 2016 | Critical | ||
Windows 10 Version 1607 for x64-based Systems | Critical | ||
Windows 10 Version 1607 for 32-bit Systems | Critical | ||
Windows 10 for x64-based Systems | Critical | 5004950 | Security Update |
Windows 10 for 32-bit Systems | Critical | 5004950 | Security Update |
Windows Server, version 20H2 (Server Core Installation) | Critical | 5004945 | Security Update |
Windows 10 Version 20H2 for ARM64-based Systems | Critical | 5004945 | Security Update |
Windows 10 Version 20H2 for 32-bit Systems | Critical | 5004945 | Security Update |
Windows 10 Version 20H2 for x64-based Systems | Critical | 5004945 | Security Update |
Windows Server, version 2004 (Server Core installation) | Critical | 5004945 | Security Update |
Windows 10 Version 2004 for x64-based Systems | Critical | 5004945 | Security Update |
Windows 10 Version 2004 for ARM64-based Systems | Critical | 5004945 | Security Update |
Windows 10 Version 2004 for 32-bit Systems | Critical | 5004945 | Security Update |
Windows 10 Version 21H1 for 32-bit Systems | Critical | 5004945 | Security Update |
Windows 10 Version 21H1 for ARM64-based Systems | Critical | 5004945 | Security Update |
Windows 10 Version 21H1 for x64-based Systems | Critical | 5004945 | Security Update |
Windows 10 Version 1909 for ARM64-based Systems | Critical | 5004946 | Security Update |
Windows 10 Version 1909 for x64-based Systems | Critical | 5004946 | Security Update |
Windows 10 Version 1909 for 32-bit Systems | Critical | 5004946 | Security Update |
Windows Server 2019 (Server Core installation) | Critical | 5004947 | Security Update |
Windows Server 2019 | Critical | 5004947 | Security Update |
Windows 10 Version 1809 for ARM64-based Systems | Critical | 5004947 | Security Update |
Windows 10 Version 1809 for x64-based Systems | Critical | 5004947 | Security Update |
Windows 10 Version 1809 for 32-bit Systems | Critical | 5004947 | Security Update |
Update 2: The KB articles are now live for those interested in reading through the changelog. For Windows 10, the changelog is mostly similar across versions. Here is how the firm details the update:
Addresses a remote code execution exploit in the Windows Print Spooler service, known as “PrintNightmare”, as documented in CVE-2021-34527. After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system’s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the RestrictDriverInstallationToAdministrators registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.