Updated Microsoft has issued out-of-band patches for the PrintNightmare bug that allows remote and local Windows users to execute code as SYSTEM on boxes running the print spooler service, including domain controllers.
The bug, designated CVE-2021-34527, is present in all versions of Windows.
However, Microsoft's advisory states: "Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012."
Those are worrying omissions as the first two versions mentioned are five years old and could well be quite widely used. Windows Server 2012 is currently in Extended Support – a paid service. Customers therefore have a security issue to worry about and perhaps also bone to pick with Microsoft, given that Windows 7 is also in Extended Support.
- The PrintNightmare continues: Microsoft confirms presence of vulnerable code in all versions of Windows
- PrintNightmare: Kicking users from Pre-Windows 2000 legacy group may thwart domain controller exploitation
- Microsoft fixes the thing it broke via another dose of out-of-band patching to deal with BSOD printing problems
Microsoft recommends prompt application of its patches, but its advisory also offers a workaround if you're not able to install the software: namely, disabling the spooler service on any vulnerable systems.
The emergency patches are Microsoft's second in a week. On June 30, the company issued another to crimp a PDF bug. They also mark Microsoft's second print-related rush job in 2021 alone, after a March fix left some Windows 10 users unable to print, requiring a patch-up job to fix the first patch. ®
Updated to add
The emergency fix for PrintNightmare can be circumvented using UNC, and thus machines running the print spooler service are still vulnerable, according to researchers. Disable the print spooler service as soon as you can.