Patches to hole a terrible flaw successful the Windows Print spooler are present disposable for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.
Microsoft has present released patches to support each versions of Windows against the captious PrintNightmare flaw. On Tuesday, the institution had deployed fixes to screen astir but not each editions of Windows. On Wednesday, Microsoft patched the remaining versions of Windows, according to an update connected its message halfway page.
SEE: Checklist: Securing Windows 10 systems (TechRepublic Premium)
Newly patched arsenic of July 7 are Windows 10 mentation 1607, each editions of Windows Server 2012 (including Server Core) and each editions of Windows Server 2016 (including Server Core). This means that each 40 flavors of Windows present person a spot for this flaw, including ones nary longer supported by Microsoft, specified arsenic Windows 7 and Windows Server 2008.
Pushing retired patches for each versions of Windows, adjacent unsupported ones, shows however superior Microsoft considered this vulnerability. As different sign, the institution deployed the spot arsenic an out-of-band update, choosing not to hold until adjacent week's Patch Tuesday to rotation it out.
All idiosyncratic users should cheque Windows Update to download and instal the spot for their mentation of Windows, portion organizations should deploy the update done their spot absorption system. The updates are besides disposable by searching the Microsoft Update Catalog for the circumstantial Knowledge Base fig for your mentation of Windows and by utilizing the Windows Server Update Services (WSUS).
Fixing this peculiar occupation with the Windows Print spooler work was analyzable due to the fact that Microsoft had to spot 2 antithetic flaws. Known arsenic CVE-2021-1675, the archetypal flaw was patched done Microsoft's June 2021 information updates. But that inactive near a 2nd and much superior flaw.
Dubbed CVE-2021-34527 and nicknamed PrintNightmare, the 2nd vulnerability acrophobic an contented successful RpcAddPrinterDriverEx(), a relation that allows users to instal oregon update a printer driver. If exploited by an attacker, this 1 would person allowed them to instrumentality implicit a compromised machine to instal software, modify information and make caller idiosyncratic accounts.
The information updates released connected July 6 and July 7 see fixes for some flaws. Anyone incapable to instal the updates is advised to cheque the FAQ conception successful CVE-2021-34527 for steps connected protecting their systems. Information connected installing caller printer drivers aft applying the update is accessible successful Microsoft's KB5005010 enactment document.
Microsoft Weekly Newsletter
Be your company's Microsoft insider by speechmaking these Windows and Office tips, tricks, and cheat sheets. Delivered Mondays and WednesdaysSign up today
- Windows 11: Understanding the strategy requirements and the information benefits (TechRepublic)
- Microsoft's caller information instrumentality volition observe firmware vulnerabilities, and more, successful PCs and IoT devices (TechRepublic)
- Microsoft merchandise vulnerabilities reached a caller precocious of 1,268 successful 2020 (TechRepublic)
- How to go a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat expanse for concern professionals (free PDF) (TechRepublic)
- Online information 101: Tips for protecting your privateness from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)