Although Microsoft did not plan to release its security patches until next week, the severity of the PrintNightmare vulnerability has forced it to release an off-cycle patch. This flaw, registered as CVE-2021-34527, allows an attacker to execute code with SYSTEM permissions on any affected system through the printing services. In addition to being very serious, this flaw has public exploits circulating on the net and is being exploited by attackers. For this reason, it is vital that we update our computers as soon as possible to eliminate this flaw … more or less.
Although Microsoft has rushed to release this patch as soon as possible to protect its users, the patch is incomplete. It is a partial solution that prevents the vulnerability from being exploited remotely, but the flaw can still be used to gain SYSTEM privileges locally. Be that as it may, we must install the update as soon as possible so that our PC is not left exposed to this flaw.
KB5004945: the patch to fix PrintNightmare
For the past few hours, Windows 10 users have been receiving the new patch from Microsoft for this vulnerability via Windows Update. Depending on the version of Windows installed, the patch arrives under a different KB number, but they all have the same purpose:
- KB5004945: Windows 10 version 2004 / 20H2 / 21H1.
- KB5004946: Windows 10 version 1909.
- KB5004947: Windows 10 version 1809 and Server 2019.
- KB5004949: Windows 10 version 1803.
- KB5004950: Windows 10 version 1507.
- KB5004954: Windows 8.1 and Server 2012.
- KB5004953: Windows 7 and Server 2008.
- KB5004955: Windows Server 2008 SP2.
Of course, we must bear in mind that some of the patches have not yet been released through Windows Update, as is the case with version 1803 of the operating system, or the patch for versions not listed above, such as 1607. These patches will be arriving in the next few hours for those who use any of these versions.
This update will be mandatory for all users, and will be downloaded and installed automatically in the background like any other security patch. After installing it, the computer must be restarted so that the changes are applied correctly. Once done, our PC will be protected against exploits that use this flaw for remote code execution. But, as we've explained, local privilege escalation will still be possible on these systems, at least for now.
If we need additional security against this vulnerability, we have two options. The first is to wait for Microsoft to release a full patch to kill PrintNightmare, and the second is to protect ourselves.
Fully mitigate the vulnerability
Another way to protect our PC from these attacks is to manually disable the remote printing functions. We can do this from Group Policy, under "Computer Configuration > Administrative Templates > Printers". From there, we double-click the "Allow Print Spooler to accept client connections" policy and set it to "Disabled".
We can also apply the patch from 0Patch, which corrects the security flaw directly in RAM, without making changes to the operating system files.
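To confirm that both protections described above are in place, the following read-only audit (an added example, not part of the original article or any Microsoft tooling) looks for the KB numbers listed earlier and reads the state of the Group Policy setting. It assumes the policy is stored as the `RegisterSpoolerRemoteRpcEndPoint` registry value, which the article does not mention; the function name `Get-PrintNightmareStatus` is hypothetical.

```powershell
# Added example: read-only check of the patch and the Group Policy mitigation.
# KB IDs are the ones listed in this article. A later cumulative update that
# supersedes them is reported under its own ID, so "none found" is a prompt to
# look closer, not proof that the machine is unpatched.
$PrintNightmareKBs = 'KB5004945','KB5004946','KB5004947','KB5004949',
                     'KB5004950','KB5004953','KB5004954','KB5004955'

function Get-PrintNightmareStatus {
    [CmdletBinding()]
    param()

    # 1. Is one of the off-cycle patches installed?
    $found = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $PrintNightmareKBs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID

    # 2. State of "Allow Print Spooler to accept client connections".
    #    Assumption: the policy is backed by this registry value
    #    (1 = enabled, 2 = disabled, absent = not configured).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $raw = (Get-ItemProperty -Path $key -Name RegisterSpoolerRemoteRpcEndPoint `
                -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint
    if     ($raw -eq 2) { $policy = 'Disabled' }
    elseif ($raw -eq 1) { $policy = 'Enabled' }
    else                { $policy = 'Not configured' }

    # 3. Is the Print Spooler service running at all?
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $running = [bool]($spooler -and $spooler.Status -eq 'Running')

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        ListedKBsFound  = if ($found) { $found -join ', ' } else { 'none' }
        ClientConnPolicy = $policy
        SpoolerRunning  = $running
        # Triage flag: spooler is up, no listed KB, and policy not disabled.
        NeedsAttention  = $running -and (-not $found) -and ($policy -ne 'Disabled')
    }
}

Get-PrintNightmareStatus | Format-List
```

A policy change only takes effect once the Print Spooler service has been restarted, so a value of `Disabled` on a machine that has not restarted the service since the change should be rechecked afterwards.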
Be that as it may, the greater our security and protection, the better.