July 6, 2021—KB5004951 (Security-only update) Out-of-band
The warning is in response to ‘PrintNightmare’, a critical zero day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges (the ultimate goal for attacks). Now Microsoft has issued a series of fixes which, while flawed, are essential updates for all Windows users.
“We recommend that you install these updates immediately,” state.
And when I say “all Windows users”, Microsoft has gone so far as to provide fixes for eight versions of Windows 10 as well as Windows Server 2019, 2016, 2012 and 2008), Windows 8.1 and even Windows 7 for which support officially ended last year. You can find guides for each of these platforms below:
- Windows 10, version 21H1 (KB5004945)
- Windows 10, version 20H1 (KB5004945)
- Windows 10, version 2004 (KB5004945)
- Windows 10, version 1909 (KB5004946)
- Windows 10, version 1809 and Windows Server 2019 (KB5004947)
- Windows 10, version 1803 (KB5004949)
- Windows 10, version 1607 and Windows Server 2016 (KB5004948)
- Windows 10, version 1507 (KB5004950)
- Windows Server 2012 (KB5004960)
- Windows 8.1 and Windows Server 2012 R2 (KB5004958)
- Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB5004951)
- Windows Server 2008 SP2 (KB5004959)
You can also find fixes for the PrintNightmare vulnerability within Windows itself by following these steps:
- Windows Settings > Updates & Security > Windows Update.
- Click “Check for updates”
- Watch that a new July patch starts installing
- Restart your computer afterwards
Be warned, however, this is not the end. As BleepingComputer points out, the fix is “incomplete” and you will need a further unofficial fix from popular security specialist opatch to be truly secure. Expect Microsoft to release the necessary additional fixes soon, but opatch has your back in the meantime.
The Danger Of PrintNightmare
Why has PrintNightmare been so damaging? Because it was an accident. Security researchers accidentally published their proof-of-concept (PoC) exploit online which meant Microsoft caught completely off guard and hackers were spoonfed all the information required to start taking advantage of Windows computers around the world.
Furthermore, PrintNightmare attacks enable hackers to do whatever they want with your Windows system via remote code execution. This includes installing programs, modifying data and creating new accounts with full administration rights over your computer.
I expect the repercussions of PrintNightmare will run and run.
Sources:-