PrintNightmare out-of-band update also for Windows Server 2012 and 2016 (July 7, 2021)

[German]As of July 7, 2021, Microsoft has now also released the emergency update to close the PrintNightmare vulnerability (CVE-2021-1675) in the Windows Print Spooler services for all Windows versions (the still missing updates for Windows Server versions 2012 and 2016 has been released. An immediate installation of this security-critical update is recommended by Microsoft – although administrators in server environments should first run a test.

The vulnerability CVE-2021-1675

In early July 2021, I had reported the CVE-2021-1675 vulnerability in the Windows Print Spooler service in the blog post PoC for Windows print spooler vulnerability public, high RCE risk. It is a remote code execution (RCE) vulnerability that could allow an attacker to execute arbitrary code with SYSTEM privileges. This includes installing programs, viewing, modifying or deleting data, or creating new accounts with full user privileges. An attack requires an authenticated user to call RpcAddPrinterDriverEx(). After a proof of concept (PoC) was published, there have already been initial attacks against the vulnerability.

Out-of-band update for all Windows versions

Microsoft had already issued unscheduled security updates for the still supported Windows versions on July 6, 2021. I had reported in the blog post Out-of-Band Update closes Windows PrintNightmare Vulnerability (July 6, 2021). However, the updates for Windows 10 version 1607, Windows Server 2016 and Windows Server 2012 were still missing. As of July 7, 2021, Microsoft has now delivered the missing updates. Here is the list of all special updates to close the CVE-2021-1675 vulnerability in the Windows Print Spooler service.

• KB5004955: Monthly Rollup Update for Windows Server 2008 SP2
• KB5004959: Security only Update for Windows Server 2008 SP2
• KB5004953: Monthly Rollup Update for Windows 7, Windows Server 2008 R2 SP1
• KB5004951: Security only Update for Windows 7, Windows Server 2008 R2 SP1
• KB5004954: Monthly Rollup Update for Windows 8.1, Windows Server 2012 R2
• KB5004958: Security only Update for Windows 8.1, Windows Server 2012 R2
• Neu KB5004956: Monthly Rollup Update for Windows Server 2012
• Neu KB5004960: Security only Update for Windows Server 2012
• KB5004950: Cumulative Update for Windows 10 (RTM)
• Neu KB5004948: Cumulative Update for Windows 10 Version 1607 and Windows Server 2016
• KB5004947: Cumulative Update for Windows 10  Version 1809, Windows Server 2018 / 2019, Windows 10 Enterprise 2019 LTSC
• KB5004946: Cumulative Update for Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
• KB5004945: Cumulative Update for Windows 10  Version 2004 – 21H1 und Windows Server 2004

The list of released updates can be found at CVE-2021-34527. Details about the updates, known bugs and more can be found in the linked KB articles. However, note the comments about problems with Zebra label printers in the German article Notfall-Update schließt PrintNightmare-Schwachstelle in Windows (6. Juli 2021). In addition, the patch is unlikely to be effective against new vulnerabilities that are now known.

Similar articles:
Microsoft Office Patchday (July 6, 2021), Fix for Outlook Crashes
PoC for Windows print spooler vulnerability public, high RCE risk
Windows Print Spooler Vulnerability (CVE-2021-1675, PrintNightmare) Confirmed by MS; CISA Warns
0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)
Out-of-Band Update closes Windows PrintNightmare Vulnerability (July 6, 2021)
PrintNightmare out-of-band update also for Windows Server 2012 and 2016 (July 7, 2021)
The Chaos PrintNightmare Emergency Update (July 6/7, 2021)
Windows 10: Microsoft fixes Zebr & Dymo printer issues caused by update (e.g. KB5004945) via KIR
Microsoft on PrintNightmare vulnerability CVE-2021-34527: Windows is secure after patch