Microsoft Releases Emergency Patch for Critical Windows Zero-day Vulnerability

Microsoft has issued an emergency update to address a critical zero-day vulnerability labelled PrintNightmare.

What is a Zero-day exploit?

A zero-day exploit means that hackers have found a vulnerability in a piece of software or hardware that doesn’t yet have a fix. To relate this to the recent pandemic, it’s like a new virus (Covid-19) spreading before a vaccine exists. When this happens we can only mitigate the risk, as with social distancing, because if you catch the virus there is no cure.

In the IT security world, once a vulnerability has been publicly disclosed and is widely known, it puts any business or individual at risk if they are using the vulnerable software.

PrintNightmare

The PrintNightmare zero-day, which is also tracked as CVE-2021-34527, affects the Windows Print Spooler service (software built into Windows that stores print jobs until the printer is ready to print them). The exploit can allow remote actors to run code, meaning vulnerable Windows systems can be taken over by hackers, allowing them to make changes and see data and information.

Cyber criminals can use the vulnerability for remote code execution, gaining unauthorised admin-level access to Windows systems remotely (from the same network), or for local privilege escalation, accessing a local system as an administrator even if they’re a standard user.

The CERT Coordination Center said: “The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system”.

However, the latest emergency update only addresses the Remote Code Execution variants of the attack (via SMB and RPC), not the Local Privilege Escalation (LPE) variant, which could still allow standard users to gain unauthorised administrative privileges on a system. Microsoft recommends that you disable the Print Spooler service to block any remote attacks and remain secure.
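The Print Spooler workaround mentioned above, as an added PowerShell example (not code from this article or from Microsoft): it reports the spooler's state on the local machine and, with the -Disable switch, stops and disables the service unless shared printers are present. The function name, the switch and the skip-on-shared-printers rule are choices made for this example; run it from an elevated prompt.

```powershell
# Added example, not Microsoft's or the article's script. Run from an elevated prompt.
# The function name and the -Disable switch are made up for this illustration.
function Invoke-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Disable   # without this switch the function only reports
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        Write-Warning 'Print Spooler service not found on this system.'
        return
    }

    # Shared printers suggest this machine is a print server that others depend on.
    $shared = @(Get-CimInstance -ClassName Win32_Printer -Filter 'Shared=TRUE' -ErrorAction SilentlyContinue)

    if ($Disable -and $shared.Count -gt 0) {
        # Assumption of this example: do not break a print server automatically.
        Write-Warning "$($shared.Count) shared printer(s) found; spooler left unchanged. Apply the update on this host."
    }
    elseif ($Disable) {
        # Disabling the spooler stops ALL printing from this machine, local and remote.
        if ($svc.State -eq 'Running') { Stop-Service -Name Spooler -Force }
        Set-Service -Name Spooler -StartupType Disabled
        # Re-read the service so the report reflects the change (or the -WhatIf no-op).
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        SpoolerState   = $svc.State       # Running / Stopped
        StartMode      = $svc.StartMode   # Auto / Manual / Disabled
        SharedPrinters = $shared.Count
        Mitigated      = ($svc.State -ne 'Running' -and $svc.StartMode -eq 'Disabled')
    }
}

Invoke-SpoolerMitigation                      # report only
# Invoke-SpoolerMitigation -Disable -WhatIf   # preview the change
# Invoke-SpoolerMitigation -Disable           # apply it
```

Because the function declares `SupportsShouldProcess`, `-WhatIf` carries through to `Stop-Service` and `Set-Service`, so the change can be previewed before it is applied.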

Microsoft has released updates for the following systems:

– Windows Server 2012 R2
– Windows Server 2008
– Windows Server 2019
– Windows 8.1
– Windows RT 8.1
– Windows 10 (versions 21H1, 20H2, 2004, 1909, 1809, 1803, and 1507)

Please refer to the following page from Microsoft for details on how to deploy the update on your vulnerable systems or to implement a workaround:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
