Page Content
Microsoft has released out-of-band
security updates to address a remote code execution (RCE)
vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print
spooler service. According to the CERT Coordination Center (CERT/CC), “The
Microsoft Windows Print Spooler service fails to restrict access to
functionality that allows users to add printers and related drivers, which can
allow a remote authenticated attacker to execute arbitrary code with SYSTEM
privileges on a vulnerable system.”
The updates are cumulative and contain all previous fixes as
well as protections for CVE-2021-1675. The updates do not include Windows 10
version 1607, Windows Server 2012, or Windows Server 2016—Microsoft states
updates for these versions are forthcoming. Note: According to CERT/CC, “the
Microsoft update for CVE-2021-34527 only appears to address the Remote Code
Execution (RCE via SMB and RPC) variants of the PrintNightmare, and not the
Local Privilege Escalation (LPE) variant.” See CERT/CC Vulnerability Note VU
#383432 for workarounds for the LPE variant.
CERT Bulgaria encourages users and administrators to review
the Microsoft
Security Updates as well as CERT/CC
Vulnerability Note VU #383432 and apply the necessary updates or
workarounds.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
https://www.kb.cert.org/vuls/id/383432
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
https://www.kb.cert.org/vuls/id/383432
https://www.kb.cert.org/vuls/id/383432