Microsoft fixes critical PrintNightmare and Office document vulnerabilities in Windows 10
Microsoft fixed several critical security issues with its most recent Patch Tuesday update.
What you need to know
- Microsoft addressed 66 security vulnerabilities in its September 2021 Patch Tuesday update.
- The update addresses the PrintNightmare and Office document vulnerabilities.
- The PrintNightmare and Office document vulnerabilities were rated as critical.
Microsoft rolled out its Patch Tuesday update for Windows 10 yesterday. The update includes fixes for 66 security vulnerabilities, including one that addresses an Office document vulnerability. That Office vulnerability could be utilized by attackers to trick people into opening malicious files.
We broke down how attackers can use this vulnerability in greater detail last week. To summarize, the vulnerability labeled as Windows CVE-2021-40444 (opens in new tab) can be exploited by using ActiveX controls in an Office document. If people are tricked into opening files and disabling Protected View, an attacker can get malware onto a computer.
Microsoft's documentation on the security vulnerability now includes an update:
The Office document vulnerability could be used in conjunction with other issues, such as the recent bug in Outlook that showed spoofed domains inside genuine contact cards.
Microsoft also released an update for the Windows Print Spooler Remote Code Execution Vulnerability, which is labeled CVE-2021-36958 (opens in new tab). The Print Spooler vulnerability caused a wide range of problems, including attackers being able to place ransomware onto vulnerable PCs.
Security expert Benjamin Delpy confirmed to BleepingComputer that the bug was fixed.
#printnightmare patch tuesday looks like promising pic.twitter.com/OjwCL79Io9#printnightmare patch tuesday looks like promising pic.twitter.com/OjwCL79Io9— 🥝 Benjamin Delpy (@gentilkiwi) September 14, 2021September 14, 2021
Microsoft has a full list (opens in new tab) of all addressed security issues from the September 2021 Patch Tuesday update.
Windows Central Newsletter
Get the best of Windows Central in your inbox, every day!
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at firstname.lastname@example.org (opens in new tab).
Until the next set of exploits are discovered/engineered!
Hope this continues