Microsoft Releases Emergency Patch for Critical Windows Zero-day Vulnerability

Addressing a critical zero-day vulnerability, labelled PrintNightmare, Microsoft has issued an emergency update.

What is a Zero-day exploit?

A zero-day exploit means that hackers have found a vulnerability in a piece of software or hardware which doesn’t yet have a fix. If we relate this to the recent pandemic, it’s like a new virus (Covid-19) spreading without a vaccine. When this happens we can only mitigate the risk, for example through social distancing, because if you catch the virus there is no cure.

In the IT security world, once a vulnerability has been publicly disclosed and is widely known, it puts any business or individual at risk if they are using the vulnerable software.

PrintNightmare

The PrintNightmare zero-day, tracked as CVE-2021-34527, affects the Windows Print Spooler service, the software built into Windows that stores print jobs until the printer is ready to print them. The exploit can allow remote actors to run code, meaning vulnerable Windows systems can be taken over by hackers, allowing them to make changes and see data and information.

The vulnerability can be used for both remote code execution and local privilege escalation: cyber criminals can either gain unauthorised admin-level access to Windows systems remotely (from the same network) or gain administrator access on a local system even if they’re a standard user.

The CERT Coordination Center said: “The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system.”

However, the latest emergency update only addresses the Remote Code Execution variants of the attack (via SMB and RPC), not the Local Privilege Escalation (LPE) variant, which could still allow standard users to gain unauthorised administrative privileges on a system. Microsoft recommends that you disable the Print Spooler service to block any remote attacks and remain secure.
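One way to check and apply the Print Spooler workaround on a single machine, as an added example that is not part of the original article or Microsoft's own script. The function name `Disable-PrintSpooler` is hypothetical; it assumes an elevated PowerShell 3.0+ session, and disabling the service stops all printing from that machine.

```powershell
# Added example: audit the Print Spooler service and disable it if needed.
# Disable-PrintSpooler is a hypothetical name chosen for this illustration.
# Note: with the Spooler disabled, the machine can no longer print locally
# or act as a print server.
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Win32_Service exposes both the running state and the startup mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        Write-Output 'Print Spooler service not found on this system.'
        return
    }
    Write-Output "Before: State=$($svc.State) StartMode=$($svc.StartMode)"

    # Stop the service if it is currently running.
    if ($svc.State -ne 'Stopped') {
        if ($PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
            Stop-Service -Name Spooler -Force
        }
    }

    # Prevent it from starting again at boot or on demand.
    if ($svc.StartMode -ne 'Disabled') {
        if ($PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
            Set-Service -Name Spooler -StartupType Disabled
        }
    }

    # Re-read the service so the report reflects the actual end state.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    Write-Output "After:  State=$($svc.State) StartMode=$($svc.StartMode)"
}

# Dry run: reports what would change without touching the service.
Disable-PrintSpooler -WhatIf
```

Remove `-WhatIf` to apply the change; to restore printing later, set the startup type back to Automatic and start the service.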

Microsoft has released updates for the following systems:

– Windows Server 2012 R2
– Windows Server 2008
– Windows Server 2019
– Windows 8.1
– Windows RT 8.1
– Windows 10 (versions 21H1, 20H2, 2004, 1909, 1809, 1803, and 1507)

Please refer to the following page from Microsoft for details on how to deploy the update on your vulnerable systems or to implement a workaround:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

Get in touch.

Got any questions about zero-day attacks, or need any help with your Windows updates? Feel free to call us on 01158 244 824 or email us.