Microsoft Releases Emergency Patch for Critical Windows Zero-day Vulnerability

Addressing a critical zero-day vulnerability, labelled PrintNightmare, Microsoft has issued an emergency update.

What is a Zero-day exploit?

A zero-day exploit takes advantage of a vulnerability in a piece of software or hardware for which no fix is yet available. To relate this to the recent pandemic, it is like a new virus (Covid-19) spreading before a vaccine exists. When this happens we can only mitigate the risk, as social distancing did, because if you catch the virus there is no cure.

In the IT security world, once a vulnerability has been publicly disclosed and is widely known, it puts any business or individual at risk if they are using the vulnerable software.

PrintNightmare

The PrintNightmare zero-day, tracked as CVE-2021-34527, affects the Windows Print Spooler service, the software built into Windows that stores print jobs until the printer is ready to print them. The exploit can allow remote actors to run code, meaning vulnerable Windows systems can be taken over by hackers, allowing them to make changes and view data and information.

Cyber criminals can use the remote code execution variant to gain unauthorised admin-level access to Windows systems remotely (from the same network), or the local privilege escalation variant to act as an administrator on a local system even if they are a standard user.

The CERT Coordination Center said: “The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system.”

However, the latest emergency update only addresses the Remote Code Execution (via SMB and RPC) variants of the attack, not the Local Privilege Escalation (LPE) variant, which could still allow standard users to gain unauthorised administrative privileges on a system. Microsoft recommends that you disable the Print Spooler service to block any remote attacks and remain secure.

Microsoft has released updates for the following systems:

– Windows Server 2012 R2
– Windows Server 2008
– Windows Server 2019
– Windows 8.1
– Windows RT 8.1
– Windows 10 (versions 21H1, 20H2, 2004, 1909, 1809, 1803, and 1507)

Please refer to the following page from Microsoft for details on how to deploy the update on your vulnerable systems or to implement a workaround:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
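The Print Spooler workaround recommended above can be checked and applied from PowerShell. The script below is an added example, not code from this article or from Microsoft; the function names `Get-SpoolerExposure` and `Disable-PrintSpooler` are hypothetical, and it assumes an elevated session on the machine being checked.

```powershell
# Added example (not Microsoft's script). Run in an elevated PowerShell session.
# Function names Get-SpoolerExposure and Disable-PrintSpooler are hypothetical.

function Get-SpoolerExposure {
    # Report whether the Print Spooler service is present, running, or able to start.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Installed = $false
            State = $null; StartMode = $null; NeedsAction = $false
        }
    }
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Installed   = $true
        State       = $svc.State        # e.g. Running, Stopped
        StartMode   = $svc.StartMode    # e.g. Auto, Manual, Disabled
        # Exposed if it is running now or could be started again later.
        NeedsAction = ($svc.State -ne 'Stopped') -or ($svc.StartMode -ne 'Disabled')
    }
}

function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $before = Get-SpoolerExposure
    if (-not $before.NeedsAction) {
        Write-Verbose 'Print Spooler is absent or already stopped and disabled.'
        return $before
    }
    # -WhatIf previews the change; -Confirm:$false suppresses the prompt.
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }
    Get-SpoolerExposure   # state after the change (unchanged under -WhatIf)
}

# Audit only: changes nothing.
Get-SpoolerExposure | Format-List

# Preview the mitigation without applying it:
# Disable-PrintSpooler -WhatIf
```

Disabling the Print Spooler stops that machine from printing, both locally and remotely, so apply it first to systems that do not need to print.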

Get in touch.

Got any questions about zero-day attacks or need any help with your Windows updates? Feel free to call us on 01158 244 824 or email us via the button below.
