Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft acknowledges “PrintNightmare” remote code execution vulnerability affecting Windows Print Spooler service

2 min. read

Published onJuly 2, 2021

published onJuly 2, 2021

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Microsoft has acknowledged a new remote code execution vulnerability that is currently affecting its Windows Print Spooler service. The exploit labeled “PrintNightmare” is currently being investigated by Microsoft, and the company confirmed that the code that contained the vulnerability is in all versions of Windows but it’s not clear yet if all versions of the OS are vulnerable.

The Windows Sprint Spooler is a component that manages the printing process on Windows PCs, and the Printnightmare remote code execution vulnerability can be exploited when the Windows Pint Soopler improperly performs privileged file operations. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft explained.

Microsoft 365 Defender customers can also refer to the threat analytics report we published on this vulnerability. The report provides tech details, guidance for mitigating the impact of this threat, and advanced hunting queries, which are published here:https://t.co/tBunCJgn6W

— Microsoft Security Intelligence (@MsftSecIntel)July 2, 2021

While Microsoft is working on a fix for this remote code execution vulnerability, the company is recommending customers to apply thesecurity updates released on June 8, 2021. IT Admins are also invited to disable the Print Spooler service via Powershell commands, though this will disable the ability to print both locally and remotely. Another workaround is to disable inbound remote printing through Group Policy, which will block the remote attack vector while allowing local printing.

You can learn more details about the different workarounds onthis page, which Microsoft plans to update with more details about the severity of this vulnerability. We don’t know yet when Microsoft will be able to release a patch, but we’ll let you know once we have more information about a fix.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Radu Tyrsina