Microsoft fixes critical PrintNightmare and Office document vulnerabilities in Windows 10

Microsoft fixed several critical security issues with its most recent Patch Tuesday update.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

What you need to know

Microsoft rolled out itsPatch Tuesday updatefor Windows 10 yesterday. The update includes fixes for 66 security vulnerabilities, including one that addresses an Office document vulnerability. That Office vulnerability could be utilized by attackers to trick people into opening malicious files.

We broke downhow attackers can use this vulnerabilityin greater detail last week. To summarize, the vulnerability labeled asWindows CVE-2021-40444can be exploited by using ActiveX controls in an Office document. If people are tricked into opening files and disabling Protected View, an attacker can get malware onto a computer.

Microsoft’s documentation on the security vulnerability now includes an update:

Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.

The Office document vulnerability could be used in conjunction with other issues, such as therecent bug in Outlookthat showed spoofed domains inside genuine contact cards.

Microsoft also released an update for the Windows Print Spooler Remote Code Execution Vulnerability, which is labeledCVE-2021-36958. ThePrint Spooler vulnerabilitycaused a wide range of problems, including attackers being able to place ransomware onto vulnerable PCs.

Security expert Benjamin Delpy confirmed toBleepingComputerthat the bug was fixed.

#printnightmarepatch tuesday looks like promisingpic.twitter.com/OjwCL79Io9#printnightmarepatch tuesday looks like promisingpic.twitter.com/OjwCL79Io9— 🥝 Benjamin Delpy (@gentilkiwi)September 14, 2021September 14, 2021

Microsoft has afull listof all addressed security issues from the September 2021 Patch Tuesday update.

Get the Windows Central Newsletter

All the latest news, reviews, and guides for Windows and Xbox diehards.

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He’s covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean’s journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.