Microsoft Releases Emergency Patch for Critical Windows Zero-day Vulnerability
Addressing a critical zero-day vulnerability, labelled PrintNightmare, Microsoft has issued an emergency update.
What is a Zero-day exploit?
A zero-day exploit means that hackers have found a vulnerability in a piece of software or hardware which doesn’t yet have a fix. If we relate this to the recent pandemic, it’s like a new virus (Covid-19) which is spreading without a vaccine. When this happens we can only mitigate against the risk, such as social distancing, because if you catch the virus there is no cure.
In the IT security world, once a vulnerability has been publicly disclosed and is widely known, it puts any business or individual at risk if they are using the vulnerable software.
The PrintNightmare zero-day, which is also tracked as CVE-2021-34527, affects the Windows Print Spooler service (which is software built within Windows that stores print jobs until the printer is ready to print and complete the action). The exploit can allow remote actors to run code, meaning the vulnerable Windows systems can be taken over by hackers, allowing them to make changes and see data and information.
A remote code execution and a local privilege escalation can be used by cyber criminals to either gain unauthorised admin level access to Windows systems remotely (from the same network) or to access local systems as an administrator even if they’re a standard user.
The CERT Coordination Center said: “The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system“.
However, the latest emergency update for this exploit is only targeted at the Remote Code Execution (via SMB and RPC) Variants of the attack but not the Local Privilege Escalation (LPE) variant, which could still allow standard users to gain unauthorised access to administrative privileges on a system. Microsoft recommends that you disable the Print Spooler service to block any remote attacks and remain secure.
Microsoft has released updates for the following systems:
– Windows Server 2012 R2
– Windows Server 2008
– Windows Server 2019
– Windows 8.1
– Windows RT 8.1
– Windows 10 (versions 21H1, 20H2, 2004, 1909, 1809, 1803, and 1507)
Please refer to the following page from Microsoft for details on how to deploy the update on your vulnerable systems or to implement a workaround:
Get in touch.
Got any questions about zero-day attacks or any help with your Windows updates? Feel free to call us on 01158 244 824 or email us via the button below.