On July 6, 2021, in addition to the regular Office updates (see Microsoft Office Patchday (July 6, 2021), Fix for Outlook Crashes), Microsoft released an emergency update to close the PrintNightmare vulnerability in the Windows Print Spooler. Blog reader Harald L. pointed out this update in a comment. Prompt installation of this security-critical update is recommended, although administrators in server environments should test it first.
The vulnerability CVE-2021-1675
In early July 2021, I reported the CVE-2021-1675 vulnerability in the Windows Print Spooler in the blog post PoC for Windows print spooler vulnerability public, high RCE risk. It is a remote code execution (RCE) vulnerability that could allow an attacker to execute arbitrary code with SYSTEM privileges. This includes installing programs, viewing, modifying or deleting data, or creating new accounts with full user privileges. An attack requires an authenticated user to call RpcAddPrinterDriverEx().
The problem was that a group of Chinese security researchers inadvertently published a proof-of-concept (PoC) for exploiting the vulnerability on June 28, 2021. Microsoft confirmed this, and US CISA recommended disabling the Windows Print Spooler service for security reasons, as there were already attacks. I addressed this in the blog post Windows Print Spooler Vulnerability (CVE-2021-1675, PrintNightmare) Confirmed by MS; CISA Warns.
Out-of-Band Update from July 6, 2021 released
Now Microsoft has addressed the vulnerability with an out-of-band update released on July 6, 2021 for most Windows versions. Last night I received an e-mail with the following text:
*********************************************************************
Title: Microsoft Security Update Revisions
Issued: July 6, 2021
*********************************************************************
Summary
=======
The following CVE has undergone a major revision increment.
=====================================================================
* CVE-2021-34527
– CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability-
– Version: 2.0
– Reason for Revision: CVE updated to announce that Microsoft is releasing an update
for several versions of Window to address this vulnerability. Updates are not yet
available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012.
Security updates for these versions of Windows will be released soon. Other
information has been updated as well. This information will be updated when more
information or updates are available.
– Originally posted: July 1, 2021
– Updated: July 6, 2021
– Aggregate CVE Severity Rating: Critical
Microsoft released special updates for various Windows versions on July 6, 2021. They are distributed via Windows Update, WSUS and the Microsoft Update Catalog.
- KB5004955: Monthly Rollup Update for Windows Server 2008 SP2
- KB5004959: Security only Update for Windows Server 2008 SP2
- KB5004953: Monthly Rollup Update for Windows 7, Windows Server 2008 R2 SP1
- KB5004951: Security only Update for Windows 7, Windows Server 2008 R2 SP1
- KB5004954: Monthly Rollup Update for Windows 8.1, Windows Server 2012 R2
- KB5004958: Security only Update for Windows 8.1, Windows Server 2012 R2
- KB5004950: Cumulative Update for Windows 10 (RTM)
- KB5004947: Cumulative Update for Windows 10 Version 1809, Windows Server 2018 / 2019, Windows 10 Enterprise 2019 LTSC
- KB5004946: Cumulative Update for Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
- KB5004945: Cumulative Update for Windows 10 Version 2004 – 21H1 and Windows Server 2004
Details about the updates, known bugs and more can be found in the linked KB articles. The list of released updates can be found at CVE-2021-34527. No updates are yet available for Windows 10 version 1607, Windows Server 2016 and Windows Server 2012.
Addendum: There are first reports that these updates are bricking some printer drivers (Zebra label printers).
Addendum 2: The missing updates are out; see PrintNightmare out-of-band update also for Windows Server 2012 and 2016 (July 7, 2021).
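To check a single host against the updates named on this page, the following added example (not part of the original article and not Microsoft's code) looks for the listed KB numbers and reports the Print Spooler state. The KB numbers are taken from the list above and from the reader comment below; the function name `Get-PrintNightmareOobStatus` and the verdict strings are illustrative, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: KB numbers come from the article and the reader comment below it;
# the function name and verdict strings are illustrative.
$PrintNightmareKbs = @(
    'KB5004955', 'KB5004959',              # Windows Server 2008 SP2
    'KB5004953', 'KB5004951',              # Windows 7, Server 2008 R2 SP1
    'KB5004954', 'KB5004958',              # Windows 8.1, Server 2012 R2
    'KB5004950', 'KB5004947',              # Windows 10 builds as listed in the article
    'KB5004946', 'KB5004945',
    'KB5004948', 'KB5004956', 'KB5004960'  # July 7 releases named in the comments
)

function Get-PrintNightmareOobStatus {
    # Updates recorded on this host (Win32_QuickFixEngineering) that match the list.
    $found = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $PrintNightmareKbs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID)

    # Spooler state: CISA advised disabling the service while no patch was available.
    $spooler = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $spoolerOff = ($null -eq $spooler) -or
                  ($spooler.StartMode -eq 'Disabled' -and $spooler.State -ne 'Running')

    $verdict = if ($found.Count -gt 0) {
        'Listed out-of-band update installed'
    } elseif ($spoolerOff) {
        'No listed KB found; Print Spooler is disabled'
    } else {
        # A later cumulative update that supersedes these KBs is not reported
        # under these IDs, so this means "check the patch level", not "vulnerable".
        'No listed KB found and Print Spooler enabled: review patch level'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        ListedKbs    = $found -join ', '
        SpoolerState = if ($spooler) { $spooler.State } else { 'Not present' }
        SpoolerStart = if ($spooler) { $spooler.StartMode } else { 'Not present' }
        Verdict      = $verdict
    }
}

Get-PrintNightmareOobStatus | Format-List
```

For several machines, the same function can be run remotely with `Invoke-Command -ComputerName ... -ScriptBlock`, provided PowerShell remoting is enabled on the targets.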
Similar articles:
Microsoft Office Patchday (July 6, 2021), Fix for Outlook Crashes
PoC for Windows print spooler vulnerability public, high RCE risk
Windows Print Spooler Vulnerability (CVE-2021-1675, PrintNightmare) Confirmed by MS; CISA Warns
0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)
Out-of-Band Update closes Windows PrintNightmare Vulnerability (July 6, 2021)
PrintNightmare out-of-band update also for Windows Server 2012 and 2016 (July 7, 2021)
The Chaos PrintNightmare Emergency Update (July 6/7, 2021)
Windows 10: Microsoft fixes Zebra & Dymo printer issues caused by update (e.g. KB5004945) via KIR
Microsoft on PrintNightmare vulnerability CVE-2021-34527: Windows is secure after patch
Does someone know if Windows 7 is supported without ESU?
Thanks
ESU is required – or BypassESU – or use 0patch.
Thank you!
the KB5004951 & KB5004953 Win7 updates require a valid ESU license, parosoft.
they will not install on non-ESU based Win7 systems.
note to guenni:
KB5004948 update for Windows 10 version 1607 / Server 2016 / LTSB 2016 released July 7:
https://support.microsoft.com/help/5004948
KB5004956 monthly rollup & KB5004960 security-only update for Windows Embedded 8 / Server 2012 released July 7:
https://support.microsoft.com/help/5004956
https://support.microsoft.com/help/5004960
Thx, the article is out – see the link at the article's end.
Thank you!