

Microsoft Releases Out-of-Band Security Updates for PrintNightmare – 07.07.2021


Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print Spooler service. According to the CERT Coordination Center (CERT/CC), “The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.”

The updates are cumulative and contain all previous fixes as well as protections for CVE-2021-1675. The updates do not include Windows 10 version 1607, Windows Server 2012, or Windows Server 2016—Microsoft states updates for these versions are forthcoming. Note: According to CERT/CC, “the Microsoft update for CVE-2021-34527 only appears to address the Remote Code Execution (RCE via SMB and RPC) variants of the PrintNightmare, and not the Local Privilege Escalation (LPE) variant.” See CERT/CC Vulnerability Note VU #383432 for workarounds for the LPE variant.

CERT Bulgaria encourages users and administrators to review the Microsoft Security Updates as well as CERT/CC Vulnerability Note VU #383432 and apply the necessary updates or workarounds.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

https://www.kb.cert.org/vuls/id/383432

07/07/2021
