Microsoft has released an emergency Windows patch to fix a critical vulnerability in the Windows Print Spooler service called PrintNightmare that was revealed last week.
An attacker who successfully exploited this vulnerability could run arbitrary code with System privileges. An attacker could then install programmes, view, change, or delete data, or create new accounts with full user rights.
Microsoft said on Tuesday that it has completed the investigation and has released security updates to address this vulnerability.
“We recommend that you install these updates immediately. Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare,” the company said in an update.
Microsoft last week warned Windows users of an unpatched critical vulnerability that can help hackers install malicious programmes and access key data on their systems.
The US national cyber agency also admitted that the attacker can exploit ‘PrintNightmare’ to take control of an affected system.
The Print Spooler service runs by default on Windows, including on client versions of the OS, Domain Controllers, and many Windows Server instances.
Vulnerabilities in the Windows Print Spooler service have been a headache for system administrators for years.
This time, Microsoft has issued patches for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, a variety of supported versions of Windows 10, and even security patches for Windows 7 that is now out of support.