Microsoft rolls out emergency patch for critical PrintNightmare flaw
Microsoft has released a patch for a critical vulnerability known as the PrintNightmare flaw, which could allow an attacker to take over a compromised computer to install software, modify data, and create new user accounts. The flaw is so severe that the patch was issued out of band this week rather than next Tuesday, when Microsoft is set to release their monthly updates. Older, unsupported versions of Windows are also receiving the patch due to its critical nature. Users operating Windows 7, 8.1, and 10 as well as Server 2004, 2008, and 2019 can install the security update.
Microsoft is urging its users to check Windows Update to perform the install, recommending that organizations should deploy the fix via their patch management system. The PrintNightmare flaw is complex as it involved two different vulnerabilities within the Windows Print Spooler, the tool that queues and manages print jobs. The first issue was patched in June of this year. The second flaw is specifically found in a function that allows users to install or update a printer driver. The CISA released a warning advising administrators to disable the Windows Print spooler service in domain controllers due to the flaw, previous to the patch’s release.