Microsoft releases emergency patch for critical vulnerability in Windows

 Microsoft has released an emergency patch for a critical vulnerability in Windows that could allow an attacker to execute arbitrary code with system privileges. The tech company is calling on organizations to install the security update urgently.

The vulnerability, designated CVE-2021-34527 and "PrintNightmare", resides in the Windows Print Spooler and allows remote code execution. The Print Spooler is responsible for processing print jobs. The vulnerability is caused by an attacker or user with access to a print server being able to install a driver on this server from a remote location. This makes it possible for the Print Spooler service to run any dll file with system privileges. The problem is present in all supported Windows versions.

The now released security update ensures that non-system administrators can only install signed print drivers on a print server. System administrators can install both unsigned and signed drivers by default. Microsoft has announced that security updates for Windows Server 2016, Windows 10 version 1607 and Windows Server 2012 will be released soon, as they are not yet ready to be released at this time.

Previous Post Next Post