Including on client versions of the OS, Domain Controllers, and many Windows Server instances, the Windows Print Spooler service runs by default on Windows
To fix a critical vulnerability in the Windows Print Spooler service called PrintNightmare Microsoft has released an emergency Windows patch. PrintNightmare was released last week.
An attacker who successfully exploited this vulnerability could run arbitrary code with System privileges. An attacker could then install programmes, view, change, or delete data, or create new accounts with full user rights.
Microsoft said on Tuesday that it has completed the investigation and has released security updates to address this vulnerability.
“We recommend that you install these updates immediately. Note that the security updates released on and after 6 July 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as PrintNightmare”, the company said in an update.
Last week, Microsoft warned Windows users of an unpatched critical vulnerability that can help hackers install malicious programmes and access key data on their systems.
The US national cyber agency also admitted that to take control of an affected system, the attacker can exploit PrintNightmare.
Including on client versions of the OS, Domain Controllers, and many Windows Server instances, the Windows Print Spooler service runs by default on Windows.
For years, vulnerabilities in the Windows Print Spooler service have been a headache for system administrators.
This time, Microsoft has issued patches for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, a variety of supported versions of Windows 10, and even security patches for Windows 7 that is now out of support.