Reportedly, the Microsoft has released an emergency security update called KB5004945 to fix PrintNightmare zero-day vulnerability in Windows Print Spooler service affecting all Windows OS versions. However, the patch is still incomplete and the vulnerability can still be exploited to gain System privileges.
As per the experts, the remote code execution bug tagged as CVE-2021-34527 actually allows criminals to take over affected servers easily via remove code execution with System privileges. And thus, they can install programs, view or modify or delete data and also can create accounts with full user rights.
In order to get instructions regarding how to install this security updates on computer, users can check the official Microsoft website corresponding to their OS versions.
Although. The security update is released for many Windows 10 versions, still the update is not yet released for Windows 10 1607, Windows Server 2016, or windows Server 2012, however, these versions will even get the updates very soon.
The Microsoft said, “Release notes associated with these updates might publish with a delay of up to an hour after the updates are available for download.”
Also, the company added, “Updates for the remaining affected supported versions of Windows will be released in the coming days.”
Speaking more about the PrintNightmare vulnerability, it includes both the remote code execution as well as a local privilege escalation vector that can be used by attackers to run commands with System privileges on a vulnerable machine.
And after the Microsoft has released the security update, the researcher named Mathew Hickey verified that the patch only resolves the RCE and not the LPE component.
And this simply indicates that the released fix by the company is still incomplete and threat actors can still locally exploit the vulnerability to gain System privileges.