Microsoft has released an emergency security update for several versions of Windows to address a critical vulnerability in the Windows Print Spooler service.

The vulnerability, dubbed PrintNightmare, was revealed last week as security researchers accidentally published a proof-of-concept (PoC) exploit code.

Critical

The tech giant has rated the vulnerability documented in CVE-2021-34527 as critical as attackers can remotely execute code with system-level privileges on affected devices.

“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges,” Microsoft wrote in its documentation.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” it wrote.

Microsoft has recommended users install these updates immediately.

“Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527,” it said.

As the vulnerability affects several Windows devices, Microsoft has issued patches for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, and a range of supported Windows 10 versions.

The tech giant has even issued patches for Windows 7 in an unusual decision. Microsoft ended support for Windows 7 last year, as pointed out by the Verge.

Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012.

Security updates for these versions of Windows will be released soon, Microsoft said.

Related Topics
comment COMMENT NOW