Microsoft has released security updates for Windows users to correct security vulnerabilities affecting the Windows Spooler service. The vulnerability named “PrintNightmare” discovered last week allows attackers to remotely execute malicious code and install programs with system privileges, change existing programs, and create new accounts with full user rights.
Microsoft has brought emergency patches to all major versions of Windows, from Windows 7 to Windows 10. Windows Server users also received specific security updates to fix this critical flaw. PrintNightmare vulnerabilities include Windows Server 2004, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows 7, Windows RT 8.1, Windows 8.1, and Windows 10.
Microsoft stated that these updates include protection issues that have been documented as CVE-2021-34527. Since the Windows spooler service exists in all versions of Windows, this vulnerability affects all Windows machines. However, the list of security updates is currently limited to a few versions. Microsoft said it will update the remaining versions of Windows soon.
At the same time, it is recommended that Windows computer users who have not received the security fix manually disable the Print Spooler service or disable incoming remote printing. You can bypass the “Stop-Service -Name Spooler -Force” and “Set-Service -Name Spooler -StartupType Disabled” commands through PowerShell to disable the spooler.
On the other hand, you can disable incoming remote printing by going to Computer Settings> Administrative Templates> Printers and disabling the Allow print queue to accept client connections option. You must restart the spooling service for the changes to take effect.