Skip to main content

Microsoft issues emergency Windows patch for PrintNightmare vulnerability [Updated]

Windows 10 fix PrintNightmare problem
Windows 10 fix PrintNightmare problem (Image credit: Windows Central)

What you need to know

  • Microsoft released a critical emergency Windows patch that addresses the PrintNightmare vulnerability.
  • If exploited, the vulnerability allows attackers to install programs, create new accounts, and create, view, or delete data.
  • The patch is available for Windows 10, Windows 8.1, Windows 7, and multiple versions of Windows Server.

Update July 7, 2021 at 5:05 pm ET: Individuals are finding ways to get around Microsoft's patch, meaning PrintNightmare vulnerabilities remain an active issue. This article's text has been updated to reflect new information.

Microsoft has issued a critical emergency patch (opens in new tab) for a flaw in the Windows Print Spooler service. The vulnerability is known as PrintNightmare. When exploited, it allows attackers to "install programs; view, change, or delete data; or create new accounts with full user rights," according to Microsoft. The problem is, reports are coming in indicating that the patch doesn't actually fix the entire issue (see below).

The security patch is available for several versions of Windows 10, Windows 8.1, Windows Server 2019, Windows Server 20212 R2, Windows Server 2008, and Windows RT 8.1. It's also available for Windows 7, which is surprising considering the operating system is out of support.

Updates for Windows 10 version 1607, Windows Server 2016, and Windows Server 2012 are not available at this time but will be released soon, according to Microsoft.

PrintNightmare was revealed after researchers published a proof-of-concept exploit, seemingly by accident.

Microsoft's executive summary of the vulnerability includes the following update (emphasis added):

UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates.

The fact the patch is available for Windows 7 indicates the severity of the issue since Windows 7 has been out of support since January 14, 2020. However, there's one major problem with Microsoft's efforts: They aren't enough to stop the threat.

Security researcher Matthew Hickey stated that Microsoft's fix only patches up one element of the vulnerability (via BleepingComputer).

See more

Via local privilege escalation, threat actors can still target vulnerabilities. Worse yet, according to other reports, there are ways for individuals to bypass Microsoft's patch entirely and target vulnerable systems via remote code execution in addition to the aforementioned local privilege execution.

See more

0patch has released a patch that it claims is capable of defending against the problems Microsoft's official patch cannot. However, installing Microsoft's July 6 patch will disable 0patch's benefits, so you'll have to go with one or the other.

Sean Endicott is the news writer for Windows Central. If it runs Windows, is made by Microsoft, or has anything to do with either, he's on it. Sean's been with Windows Central since 2017 and is also our resident app expert. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.

1 Comment
  • But many novice desktop administrators block all kinds of windows updates including security updates