07/09 Update below. This post was originally published on July 7
Windows 10’s one billion users need to be on high alert because Microsoft has issued a serious update warning and everyone needs to take action.
The warning is in response to ‘PrintNightmare’, a critical zero-day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges (the ultimate goal for attackers). Now Microsoft has issued a series of fixes which, while flawed, are essential updates for all Windows users.
07/09 Update: Microsoft’s urgency to patch the PrintNightmare flaw appears to have backfired for a subset of users. Microsoft has subsequently issued the following statement to The Verge:
“We are aware of a printing issue caused by the July 6 Windows ‘KB5004945’ update affecting multiple brands of printers. Microsoft has investigated this issue and plans to release an update addressing the issue within the next 1–2 business days. An immediate way to address the issue is to uninstall the Windows ‘KB5004945’ update or uninstall the affected printer driver and reinstall using Administrative credentials. Long term, we encourage the use of the newer Windows update Microsoft is planning to release. Customers who need assistance regarding Zebra printers may contact our Technical Support Team.”
Asking users of every version of Windows to uninstall this critical update just two days after urging them to install it “immediately” is somewhat embarrassing for Microsoft, especially at a time when Windows updates are regularly criticised for causing as many problems as they fix. That said, “1-2 business days” means we should see a replacement patch released by Tuesday. It’s not a long time to wait, but all Windows users should stay vigilant in the meantime.
“We recommend that you install these updates immediately,” states Microsoft in a new update. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”
And when I say “all Windows users”, I mean it: Microsoft has gone so far as to provide fixes for eight versions of Windows 10 as well as Windows Server (2019, 2016, 2012 and 2008), Windows 8.1 and even Windows 7, for which support officially ended last year. You can find guides for each of these platforms below:
You can also find fixes for the PrintNightmare vulnerability within Windows itself by following these steps:
- Windows Settings > Update & Security > Windows Update.
- Click “Check for updates”
- Check that a new July patch starts installing
- Restart your computer afterwards
Be warned, however: this is not the end. As BleepingComputer points out, the fix is “incomplete” and you will need a further unofficial fix from popular security specialist 0patch to be truly secure. Expect Microsoft to release the necessary additional fixes soon, but 0patch has your back in the meantime.
The Danger Of PrintNightmare
Why has PrintNightmare been so damaging? Because it was an accident. Security researchers accidentally published their proof-of-concept (PoC) exploit online, which meant Microsoft was caught completely off guard and hackers were spoon-fed all the information required to start taking advantage of Windows computers around the world.
Furthermore, PrintNightmare attacks enable hackers to do whatever they want with your Windows system via remote code execution. This includes installing programs, modifying data and creating new accounts with full administration rights over your computer.
I expect the repercussions of PrintNightmare will run and run.