July 12, 2021
“PrintNightmare”, what is it actually?
The Windows 10 exploit known as “PrintNightmare” is currently on everyone’s lips. But what exactly is it?
“PrintNightmare” is the name given to a current vulnerability in the printer spooler of Windows systems. Microsoft published this expoit with the number CVE-2021-34527 at the beginning of July in a warning. Using this vulnerability, attackers can gain local system privileges on the compromised machines. This, in turn, can subsequently be exploited in multiple ways: Attackers are then able to install programs, have access to local files that can not only be viewed but also modified, copied or even deleted, and it is also possible for attackers to create new user accounts with unrestricted rights.
It is known that this vulnerability is already being actively exploited. For this reason, Microsoft also classifies the threat as “critical” and advises in a current blog article to install the provided patch as soon as possible on all Windows computers.
Am I also affected?
Besides the already mentioned Windows 10 systems, all other Microsoft operating systems are also affected!
Therefore, in addition to the update KB5004945 for the latest Windows 10 version, Microsoft also provides other security updates specifically for older operating systems down to Windows 7.
- Windows 10, version 21H1 (KB5004945)
- Windows 10, version 20H1 (KB5004945)
- Windows 10, version 2004 (KB5004945)
- Windows 10, version 1909 (KB5004946)
- Windows 10, version 1809 and Windows Server 2019 (KB5004947)
- Windows 10, version 1607 (KB5004948)
- Windows 10, version 1803 (KB5004949)
- Windows 10, version 1507 (KB5004950)
- Windows 8.1 and Windows Server 2012 (Monthly Rollup KB5004954 / Security only KB5004958)
- Windows 7 SP1 and Windows Server 2008 R2 SP1 (Monthly Rollup KB5004953 / Security only KB5004951)
- Windows Server 2008 SP2 (Monthly Rollup KB5004955 / Security only KB5004959)
Important: According to current information, installing the patch will not close the vulnerability if the point-and-print restriction is disabled or configured accordingly.
Individual Docusnap report brings clarity
To help you quickly and easily check which systems on your network are affected, we have created an extra Docusnap report. This shows for all Windows systems whether the respective patch is installed and additionally also gives the status of the print spooler service. All patches listed above are included in the report.
You can download this report for free from our website and import it into your Docusnap. How to do this is explained in detail in the Docusnap Forum.