Patch Tuesday is not up Next Tuesday, but Windows is already getting cumulative updates this week. Microsoft fixes a critical vulnerability in several versions of Windows 10, including the latest version 21H1, but also goes back to the original Windows 10 version. The update is intended to fix a Windows 10 vulnerability called PrintNightmare that became known last week. This vulnerability could allow an attacker to use the Windows Print Spooler Service to take over an organization’s domain to spread malware.
Technical details and a proof-of-concept for the weak point were accidentally revealed because researchers have linked the vulnerability to another issue that was patched last week called CVE-2021-1675. The latter issue was fixed in the Windows June 10th Patch Tuesday update, but the PrintNightmare vulnerability was not. They then published the technical details of how the vulnerability was exploited before it was patched, which exposed the servers to attacks. This prompted the Cybersecurity & Infrastructure Security Agency, encourage Server administrators to disable the Windows print spooler service.
The severity of this vulnerability and its accidental disclosure prompted Microsoft to quickly release a patch. The vulnerability is now identified as CVE-2021-34527 and patched with today’s out-of-band update. The update that fixes the problem is marked with KB5004945 If you’re using Windows 10 versions 21H1, 20H2, or 2004, each of those versions will get you build numbers 19043.1083, 19042.1083, and 19041.83, respectively. You can Download the update manually Here. This fix is pretty much all that is new, and Microsoft has released some details about the vulnerability. The following is in the changelog:
Addresses a remote code execution exploit in the Windows Print Spooler Service known as PrintNightmare, as described in. documented CVE-2021-34527. After installing this and subsequent Windows updates, non-administrators can only install signed printer drivers on a print server. By default, administrators can install signed and unsigned printer drivers on a print server. The installed root certificates in the system’s trusted root certification authorities trust signed drivers. Microsoft recommends installing this update immediately on all supported Windows client and server operating systems, starting with devices that are currently hosting the print server role. You also have the option of the Limit driver installation to administrators Registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.
For other versions, see the links to the KB articles and download links below:
This update is mandatory, so it is available through Windows Update and will be installed automatically. However, you can use the download links to get it faster. Of course, this doesn’t change the schedule for next week’s Windows updates. These should contain a lot more corrections, and they will be mandatory too.