PrintNightmare (KB5004945) – An update is now available for Windows 10

by Kelvin
PrintNightmare (KB5004945)

The June Patch Tuesday included a patch for a vulnerability that could allow a computer to be compromised remotely via the print queue … The researchers believed this was the same flaw they had reported a few months earlier and decided to publish a proof of concept for it. The problem is that it was not the same flaw that had been patched, so they effectively released an exploit for a zero-day vulnerability that anyone could take advantage of.

Microsoft releases patch for PrintNightmare

Solutions for the vulnerabilities were posted last Saturday, and yesterday Microsoft released a preliminary patch to address this serious vulnerability instead of waiting for next Tuesday, July 13, when the July Patch Tuesday patch will be released.

  

The patch, called KB5004945 for the May 2020 Update and later, has already started rolling out to Windows 10 computers, and installing it is highly recommended before mass attacks begin to occur.

The vulnerability even got its own name: Print … Microsoft rated the patch as critical because the vulnerability allows an attacker to remotely execute code with SYSTEM privileges on all current Windows computers, since the print queue is present on all of them. With these privileges, an attacker can install programs, modify data, create new administrator accounts, and basically take complete control of the PC.

Even Windows 7 got a patch

The flaw is so severe that Microsoft has released a security update for Windows 7, even though this operating system has had no official support from the company since January of last year. There are also fixes for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1 and Windows RT 8.1, and all currently supported versions of Windows 10. The patch fixes vulnerabilities CVE-2021-1675 and CVE-2021-34527.

However, the vulnerability has two parts: one is remote code execution and the other is privilege escalation, which can be exploited locally. In this case, only the remote code execution was fixed, and the locally exploitable part is expected to be fixed on Tuesday. This still allows someone who has access to the computer, or who has another local vulnerability, to gain control of it, but this is more difficult.

Windows Update, package KB5004945

In short, we recommend that you immediately install the patch, which has probably already been downloaded to your computers, and you just need to restart your computer for the changes to take effect. If you are not yet able to install the hotfix, disabling the print queue might be a good solution, although it can cause printing problems if you are using a network printer.
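
The check and the workaround described above can be run from an elevated PowerShell prompt. This script is an added example, not code from the original article or from Microsoft; the `-DisableSpooler` switch is a hypothetical name introduced here, and the script assumes that the "print queue" is the Windows service named `Spooler` (Print Spooler).

```powershell
# Added example: audit one Windows 10 (2004 or later) host for the out-of-band
# fix named in this article and optionally apply the print-queue workaround.
# -DisableSpooler is a hypothetical switch introduced for this example.
# Stopping or reconfiguring a service requires an elevated (administrator) session.
param([switch]$DisableSpooler)

$kb = 'KB5004945'   # KB number from the article; other Windows versions use other KBs

# Get-HotFix reads Win32_QuickFixEngineering. A later cumulative update
# supersedes this KB, so "not found" means "verify the OS build", not "vulnerable".
$fix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# Assumption: the article's "print queue" is the Print Spooler service ("Spooler").
$svc = Get-Service -Name Spooler

# Emit one record per host so results can be collected and compared.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    PatchInstalled = [bool]$fix
    InstalledOn    = if ($fix) { $fix.InstalledOn } else { $null }
    SpoolerStatus  = $svc.Status
    SpoolerStartup = $svc.StartType
}

if (-not $fix -and $DisableSpooler) {
    # Workaround from the article: stop the print queue until the patch is installed.
    # This breaks printing on this machine, including to network printers.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
    Write-Warning "Spooler stopped and disabled; re-enable it after installing the patch."
}
```

After the patch is installed and the machine restarted, `Set-Service -Name Spooler -StartupType Automatic` followed by `Start-Service -Name Spooler` restores printing.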