Microsoft Patches ‘PrintNightmare’ Vulnerability In Windows, Urges Immediate Install

The vulnerability -- officially dubbed CVE-2021-34527 -- is found in how Print Spooler improperly performs privileged file operations, according to a Microsoft post.

Microsoft has released security updates to address a vulnerability in Windows print spooler dubbed “PrintNightmare,” recommending that users “install these updates immediately.”

The vulnerability -- officially dubbed “CVE-2021-34527” -- is found in how print spooler improperly performs privileged file operations, according to a Microsoft post. An attacker could use the vulnerability to install programs, change data and create new accounts with full user rights, among other actions.

[RELATED: Hackers Attack Microsoft Cloud Customer Apps Via Synnex]

The vulnerability existed before the June 8 security update, according to Microsoft. Print spooler is an executable file that manages the printing process.

All versions of Windows are vulnerable and domain controllers are affected if print spooler service is enabled. Point and Print can be exploited through the vulnerability as well. Supported versions of Windows without a security update made available Tuesday will “be updated shortly after July 6.” Security updates are now available for Windows versions including Server 2019, Server 2016, Server 2012 and versions of Windows 7 and Windows 10.

The updates also solve a separate vulnerability dubbed CVE-2021-1675 identified in June. Microsoft described this vulnerability -- identified on June 30 by the CERT Coordination Center nonprofit -- as “similar but distinct” from PrintNightmare.

Microsoft did not immediately respond to a request for comment Wednesday.

Multiple print spooler vulnerabilities have been identified over the years.

The past year, in particular, has seen Microsoft get far more vocal and aggressive around the need for increasing security, including an emphasis on urging businesses to shift to the cloud from on-premises infrastructure.

On Tuesday, CRN reported that hackers attempted to use IT distributor Synnex to gain access to customer applications within the Microsoft cloud environment in an attack possibly tied to the Kaseya ransomware campaign.

Mike Wilson, chief technology officer and a partner at Interlink Cloud Advisors, a Mason, Ohio-based Microsoft Gold partner, said that Microsoft acted quickly on the patch--which was important because the vulnerability affected all versions of Windows and could lead to malware embedding and a ransomware attack.

“The transparency in acknowledging the vulnerability and sharing mitigation steps while fast-tracking the patch is one of Microsoft’s strengths as a partner,” Wilson said.