PrintNightmare CVE-2021-34527

Update Now & Reboot Windows 10

There is a new active exploit ruining the Internet for everyone using Windows.  These instructions are for Windows 10 Pro, but similar enough to all versions of MS Windows.
The short read:  Install Windows Updates and Restart Now
The rest:

 

What is it?

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft

Why should I care?

This exploit can easily be used as a point of entry for lateral network movement causing  unchecked privilege elevation on business domains.

What should I do?

Install all Windows updates.  Then Restart your PC.

1. Start > Settings > Update & Security > Windows Update

2 Click “Install” & “Restart Now”
3 Continue to open Settings > Windows Update until you Click the “Check for Updates” button and install everything until it says “You’re Up to Date”

4 If there is a “Feature Update”, click “Download and Install Now”  Restart when complete

 

Microsoft patched CVE-2021-34527 on 7/1/21 and updated KB5004945 for Windows 10 on 7/8/21.

Also, you may check Installed Updates for KB5004945 listed to fix PrintNightmare.

1 Start > search “Control Panel”

2 Programs > Uninstall a Program

3 View Installed Updates

4 Search Installed Updates for KB5004945

To read more information about PrintNightmare and Exploitation of Remote Services:

https://attack.mitre.org/techniques/T1210/

https://www.digitaltrends.com/computing/how-to-fix-print-nightmare-on-windows-right-now/

 

 

0