Out-of-Band Update closes Windows PrintNightmare Vulnerability (July 6, 2021)

On July 6, 2021, in addition to the regular Office updates (see Microsoft Office Patchday (July 6, 2021), Fix for Outlook Crashes), Microsoft also released an emergency update to close the PrintNightmare vulnerability in the Windows Print Spooler. Blog reader Harald L. pointed out this update in this comment. Prompt installation of this security-critical update is recommended, although administrators in server environments should first run a test.


The vulnerability CVE-2021-1675

In early July 2021, I reported on the CVE-2021-1675 vulnerability in the Windows Print Spooler in the blog post PoC for Windows print spooler vulnerability public, high RCE risk. It is a remote code execution (RCE) vulnerability that could allow an attacker to execute arbitrary code with SYSTEM privileges. This includes installing programs, viewing, modifying or deleting data, or creating new accounts with full user privileges. An attack requires an authenticated user to call RpcAddPrinterDriverEx().

The problem was that a group of Chinese security researchers inadvertently published a proof of concept (PoC) for exploiting the vulnerability on June 28, 2021. Microsoft confirmed the vulnerability, and US CISA recommended disabling the Windows Print Spooler service for security reasons, as there were already attacks. I addressed this in the blog post Windows Print Spooler Vulnerability (CVE-2021-1675, PrintNightmare) Confirmed by MS; CISA Warns.

Out-of-Band Update from July 6, 2021 released

Microsoft has now addressed the vulnerability with an out-of-band update released on July 6, 2021 for most Windows versions. Last night I received an e-mail with the following text:

*********************************************************************
Title: Microsoft Security Update Revisions
Issued: July 6, 2021
*********************************************************************

Summary
=======


The following CVE has undergone a major revision increment.

=====================================================================

* CVE-2021-34527

CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability
– Version: 2.0
– Reason for Revision: CVE updated to announce that Microsoft is releasing an update
for several versions of Windows to address this vulnerability. Updates are not yet
available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012.
Security updates for these versions of Windows will be released soon. Other
information has been updated as well. This information will be updated when more
information or updates are available.
– Originally posted: July 1, 2021
– Updated: July 6, 2021
– Aggregate CVE Severity Rating: Critical

Microsoft released a special update for various Windows versions on July 6, 2021. The updates are distributed via Windows Update, WSUS and the Microsoft Update Catalog.

  • KB5004955: Monthly Rollup Update for Windows Server 2008 SP2
  • KB5004959: Security only Update for Windows Server 2008 SP2
  • KB5004953: Monthly Rollup Update for Windows 7, Windows Server 2008 R2 SP1
  • KB5004951: Security only Update for Windows 7, Windows Server 2008 R2 SP1
  • KB5004954: Monthly Rollup Update for Windows 8.1, Windows Server 2012 R2
  • KB5004958: Security only Update for Windows 8.1, Windows Server 2012 R2
  • KB5004950: Cumulative Update for Windows 10 (RTM)
  • KB5004947: Cumulative Update for Windows 10 Version 1809, Windows Server 2018 / 2019, Windows 10 Enterprise 2019 LTSC
  • KB5004946: Cumulative Update for Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
  • KB5004945: Cumulative Update for Windows 10 Version 2004 – 21H1 and Windows Server 2004

Details about the updates, known bugs and more can be found in the linked KB articles. The list of released updates can be found at CVE-2021-34527. No updates are yet available for Windows 10 version 1607, Windows Server 2016 and Windows Server 2012.
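To check a single host against the list above, the following PowerShell script looks for the listed KB numbers and reports the state of the Print Spooler service. It is an added example, not code from Microsoft or from the original post; it assumes PowerShell 3.0 or later and a local run, and the function name Get-OobPrintSpoolerStatus is made up for this example.

```powershell
# Added example. KB numbers are the ones listed in this post (July 6, 2021).
$OobKbs = 'KB5004955', 'KB5004959', 'KB5004953', 'KB5004951', 'KB5004954',
          'KB5004958', 'KB5004950', 'KB5004947', 'KB5004946', 'KB5004945'
$ReleaseDate = [datetime]'2021-07-06'

function Get-OobPrintSpoolerStatus {   # hypothetical name, not a built-in cmdlet
    $os      = Get-CimInstance -ClassName Win32_OperatingSystem
    $spooler = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $hotfix  = @(Get-HotFix)

    # Updates from the list in this post that are present on the host.
    $listed = @($hotfix | Where-Object { $OobKbs -contains $_.HotFixID })

    # A later cumulative update may replace the listed KB in this inventory,
    # so also collect everything installed on or after the release date.
    $later = @($hotfix | Where-Object {
        $_.InstalledOn -and $_.InstalledOn -ge $ReleaseDate -and
        $OobKbs -notcontains $_.HotFixID
    })

    $verdict = if ($listed.Count -gt 0) {
        'Listed out-of-band update installed'
    } elseif ($later.Count -gt 0) {
        'Listed KB not found; verify that a later update supersedes it'
    } elseif ($spooler.State -eq 'Running') {
        'No fix found and Print Spooler is running'
    } else {
        'No fix found; Print Spooler is not running'
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        OS               = '{0} ({1})' -f $os.Caption, $os.Version
        ListedKBs        = ($listed | ForEach-Object { $_.HotFixID }) -join ', '
        LaterUpdates     = ($later | ForEach-Object { $_.HotFixID }) -join ', '
        SpoolerState     = $spooler.State
        SpoolerStartMode = $spooler.StartMode
        Verdict          = $verdict
    }
}

Get-OobPrintSpoolerStatus | Format-List
```

On Windows 10 version 1607, Windows Server 2016 and Windows Server 2012, none of the listed KBs applies, so the script can only report later updates and the spooler state there.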

Addendum: There are first reports that these updates are bricking some printer drivers (Zebra label printers).

Addendum 2: The missing updates are out; see PrintNightmare out-of-band update also for Windows Server 2012 and 2016 (July 7, 2021)

Similar articles:
Microsoft Office Patchday (July 6, 2021), Fix for Outlook Crashes
PoC for Windows print spooler vulnerability public, high RCE risk
Windows Print Spooler Vulnerability (CVE-2021-1675, PrintNightmare) Confirmed by MS; CISA Warns
0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)
Out-of-Band Update closes Windows PrintNightmare Vulnerability (July 6, 2021)
PrintNightmare out-of-band update also for Windows Server 2012 and 2016 (July 7, 2021)
The Chaos PrintNightmare Emergency Update (July 6/7, 2021)
Windows 10: Microsoft fixes Zebra & Dymo printer issues caused by update (e.g. KB5004945) via KIR
Microsoft on PrintNightmare vulnerability CVE-2021-34527: Windows is secure after patch



6 Responses to Out-of-Band Update closes Windows PrintNightmare Vulnerability (July 6, 2021)

  1. parosoft says:

    Someone knows if Windows 7 is supported without ESU?
    Thanks
