Updated News Around the World
Technology

Microsoft patches remaining versions of Windows against PrintNightmare flaw

By Andrew McCollum

Patches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.

password.jpg

Image: GettyImages/Yuichiro Chino

Microsoft has now released patches to protect all versions of Windows against the critical PrintNightmare flaw. On Tuesday, the company had deployed fixes to cover most but not all editions of Windows. On Wednesday, Microsoft patched the remaining versions of Windows, according to an update on its message center page.

SEE: Checklist: Securing Windows 10 systems (TechRepublic Premium)

Newly patched as of July 7 are Windows 10 version 1607, all editions of Windows Server 2012 (including Server Core) and all editions of Windows Server 2016 (including Server Core). This means that all 40 flavors of Windows now have a patch for this flaw, including ones no longer supported by Microsoft, such as Windows 7 and Windows Server 2008.

Pushing out patches for all versions of Windows, even unsupported ones, shows how serious Microsoft considered this vulnerability. As another sign, the company deployed the patch as an out-of-band update, choosing not to wait until next week’s Patch Tuesday to roll it out.

All individual users should check Windows Update to download and install the patch for their version of Windows, while organizations should deploy the update through their patch management system. The updates are also available by searching the Microsoft Update Catalog for the specific Knowledge Base number for your version of Windows and by using the Windows Server Update Services (WSUS).

Fixing this particular problem with the Windows Print spooler service was complicated because Microsoft had to patch two different flaws. Known as CVE-2021-1675, the first flaw was patched through Microsoft’s June 2021 security updates. But that still left a second and more serious flaw.

Dubbed CVE-2021-34527 and nicknamed PrintNightmare, the second vulnerability concerned an issue in RpcAddPrinterDriverEx(), a function that allows users to install or update a printer driver. If exploited by an attacker, this one would have allowed them to take over a compromised computer to install software, modify data and create new user accounts.

The security updates released on July 6 and July 7 include fixes for both flaws. Anyone unable to install the updates is advised to check the FAQ section in CVE-2021-34527 for steps on protecting their systems. Information on installing new printer drivers after applying the update is accessible in Microsoft’s KB5005010 support document.

Also see

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Andrew McCollum 109721 posts 0 comments