Actively exploited PrintNightmare zero-day gets unofficial patch

Free micropatches addressing the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service are now available through the 0patch platform.

The buggy code behind this remote code execution bug (tracked as CVE-2021-34527) is present in all versions of Windows, with Microsoft still investigating whether the vulnerability is exploitable on all of them.

CVE-2021-34527 enables attackers to take over affected servers via RCE with SYSTEM privileges, allowing them to install programs, view, change, or delete data, and create new accounts with full user rights.

Even though no security updates are available to address the PrintNightmare security flaw at the moment, Microsoft has shared mitigation measures to block attackers from compromising vulnerable systems and is working on a fix.

This is where the 0patch micropatching service comes in, with free micropatches for versions of Windows impacted by the zero-day:

  1. Windows Server 2019 (updated with June 2021 Updates)
  2. Windows Server 2016 (updated with June 2021 Updates)
  3. Windows Server 2012 R2 (updated with June 2021 Updates)
  4. Windows Server 2008 R2 (updated with January 2020 Updates, no Extended Security Updates) 
  5. Windows 10 v21H1 (updated with June 2021 Updates)
  6. Windows 10 v20H2 (updated with June 2021 Updates)
  7. Windows 10 v2004 (updated with June 2021 Updates) 
  8. Windows 10 v1909 (updated with June 2021 Updates) 
  9. Windows 10 v1903 (updated with June 2021 Updates)
  10. Windows 10 v1809 (updated with May 2021 Updates - latest before end of support)
  11. Windows 10 v1803 (updated with May 2021 Updates - latest before end of support)
  12. Windows 10 v1709 (updated with October 2020 Updates - latest before end of support)

In related news, CISA has also issued a PrintNightmare notification urging admins to disable the Windows Print Spooler service on servers not used for printing.

In a support document on mitigating risks on Domain Controllers with the Print Spooler service enabled, Microsoft also recommends disabling the printing service on all Domain Controllers and Active Directory admin systems.

The company's advice takes into consideration the fact that this service is enabled by default on most Windows clients and server platforms, drastically increasing the risk of future attacks targeting vulnerable systems.
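One way to check for and apply the mitigation described above, disabling Print Spooler on systems that do not need to print (an added PowerShell example, not from the original article or from Microsoft's guidance; the function name `Test-PrintSpooler` and the host names passed to it are assumptions):

```powershell
# Added example: report Print Spooler state per host and, only with -Disable,
# stop the service and set its start mode to Disabled.
function Test-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),  # operator-supplied host names
        [switch]$Disable                                 # without this, report only
    )
    foreach ($computer in $ComputerName) {
        $row = [ordered]@{ Computer = $computer; State = $null; StartMode = $null; Result = 'ReportOnly' }
        $session = $null
        try {
            # Local host: DCOM session (no WinRM needed). Remote host: WS-Man session.
            if ($computer -eq $env:COMPUTERNAME) {
                $session = New-CimSession -ErrorAction Stop
            } else {
                $session = New-CimSession -ComputerName $computer -ErrorAction Stop
            }
            $query = @{ CimSession = $session; ClassName = 'Win32_Service'
                        Filter = "Name='Spooler'"; ErrorAction = 'Stop' }
            $svc = Get-CimInstance @query
            if (-not $svc) {
                $row.Result = 'SpoolerNotPresent'
            } else {
                # Exposed if running now, or able to start again later.
                $exposed = ($svc.State -eq 'Running') -or ($svc.StartMode -ne 'Disabled')
                if (-not $exposed) {
                    $row.Result = 'AlreadyDisabled'
                } elseif ($Disable -and $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
                    $stop = Invoke-CimMethod -InputObject $svc -CimSession $session -MethodName StopService
                    $mode = Invoke-CimMethod -InputObject $svc -CimSession $session `
                                -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' }
                    # Win32_Service methods return 0 on success.
                    $row.Result = "StopService=$($stop.ReturnValue) ChangeStartMode=$($mode.ReturnValue)"
                    $svc = Get-CimInstance @query   # re-read the state after the change
                }
                $row.State = $svc.State
                $row.StartMode = $svc.StartMode
            }
        } catch {
            $row.Result = "Error: $($_.Exception.Message)"
        } finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
        [pscustomobject]$row
    }
}
```

Run it without `-Disable` first (or with `-WhatIf`) to get a report of which hosts still have the service running or startable; disabling the service stops both local and remote printing on that host.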

Until official security updates are available, applying the 0patch micropatches or implementing the mitigations provided by Microsoft should block attackers from breaching your network using PrintNightmare exploits.

Update: Added info on additional micropatches released for affected Windows versions. 
