Windows 10 KB5004945 emergency update released to fix PrintNightmare

The Windows 10 KB5004945 emergency update is rolling out to address
a new Windows zero-day vulnerability called “PrintNightmare”.
According to reports, the PrintNightmare vulnerability is being
actively exploited by attackers to achieve local privilege escalation
and remote code execution on affected machines.

Microsoft has now started rolling out out-of-band Windows
updates to remedy a PrintNightmare security bug affecting all
supported versions of Windows 10.

KB5004945 is a new mandatory security update for those on v2004
or newer. This patch will download and install automatically on
Windows 10 Home, Pro and other editions. Those using Windows 10
version 1909 (November 2019 Update) will get KB5004946, which
will also install automatically depending on update policies.

For Windows 10 version 1809 and Windows Server 2019, there’s a
different patch – KB5004947.

List of PrintNightmare updates released for Windows:

  1. Version 21H1, 20H1, 2004 – KB5004945 (Build 19043.1083).
  2. Version 1909 – KB5004946 (Build 18363.1646).
  3. Version 1809 and Windows Server 2019 – KB5004947 (Build
    17763.2029).
  4. Version 1803 – KB5004949.
  5. Version 1507 – KB5004950.
  6. Windows 8.1 and Windows Server 2012 – KB5004954 and
    KB5004958 (security only).
  7. Windows 7 SP1 and Windows Server 2008 R2 SP1 – KB5004953
    and KB5004951 (security only).
  8. Windows Server 2008 SP2 – KB5004955 and KB5004959 (security
    only).

As mentioned, Windows 10 version 2004 and newer will be getting
the following Windows Update when they check for updates today:

2021-07 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5004945)


This update will advance the build number to Build 19043.1083
(19042.1083 or 19041.1083).

How to fix PrintNightmare vulnerability on Windows 10

To fix the PrintNightmare vulnerability, follow these steps:

  1. Open Windows Settings > Updates & Security > Windows Update.
  2. Click on “Check for updates”.
  3. A new July patch will automatically start downloading on
    your device.
  4. Click on “Restart now” after the patch is downloaded.

Alternatively, you can manually download the offline installers
from the Microsoft Update Catalog.

Download Links for Windows 10 KB5004945

Windows 10 KB5004945 Direct Download Links: 64-bit and
32-bit (x86).

On the Microsoft Update Catalog, you can find offline installers
for any Windows update. To find the update, click on the search box
and enter the KB number. Next to the correct version/edition of
Windows, click on the “Download” button. This will open a new
window in your browser.

To begin the download, copy the .msu link and paste it into
another tab.

KB5004945 – Windows PrintNightmare emergency update

The patch consists of various fixes geared towards addressing
a Windows printer vulnerability that could allow an
attacker to bypass the software security protections on
affected devices.

The PrintNightmare bug affects Print Spooler, a service
responsible for managing all print jobs for hardware printers
or print servers. This feature is enabled by default on all
Windows machines, including Home and Pro editions, and it can be
abused by attackers to remotely execute code. If exploited,
attackers would gain full access to a domain controller.

Microsoft is advising users to install the emergency update on
affected devices as soon as possible.

“An Out-of-band update has been released to address a remote
code execution exploit in the Windows Print Spooler service. We
recommend you update your device as soon as possible,” the
company said in a statement.

The PrintNightmare vulnerability is also known as CVE-2021-34527.
It does not directly affect Point/Print technology, but it
still poses a security threat. For example, it weakens
local security, and exploitation could be possible.

In the document, Microsoft explained that installing the
emergency Windows Update addresses the critical remote code
execution bug in Print Spooler service, and admins can once
again apply signed or unsigned printer drivers to a print
server.

Here’s a timeline of how the vulnerability was first discovered
and reported:

  1. On June 30, a proof-of-concept (PoC) exploit of the
    unpatched vulnerability was accidentally posted online, with
    reports suggesting this issue allows remote code execution.
  2. On July 1, security agencies issued a warning to
    enterprises, recommending that they disable the Windows
    Print Spooler service wherever possible.
  3. On July 2, Microsoft acknowledged the reports
    and offered workarounds.
  4. On the same day, reports revealed that attackers had
    already started actively exploiting the PrintNightmare zero-day
    after it leaked online. Microsoft recommended that users follow
    the mitigation measures to prevent attackers from taking over
    their systems.
  5. On July 6, Microsoft issued emergency updates for consumers
    and businesses.

As mentioned at the outset, if you don’t want to install the
emergency update, there’s a second workaround – disable Windows
Print Spooler service.

How to mitigate Print Spooler PrintNightmare

To disable the Print Spooler service and mitigate the PrintNightmare
vulnerability, follow these steps:

  1. Open Windows Search.
  2. Type PowerShell and run it as “administrator”.
  3. Type the following command: Stop-Service -Name Spooler -Force
  4. Press enter.
  5. Type the following command: Set-Service -Name Spooler -StartupType Disabled
  6. Press enter.

When you run the above two commands, Windows will disable and
prevent the Print Spooler service from starting again. If you
want to re-enable the service, run these commands in
PowerShell:

  • Set-Service -Name Spooler -StartupType Automatic
  • Start-Service -Name Spooler

Alternatively, you can mitigate the printing vulnerability by
making changes in the Group Policy Editor. To disable the Print
Spooler and address the PrintNightmare bug, follow these steps:

  1. Search for gpedit.msc in Windows Search.
  2. Open the Local Group Policy Editor and navigate to Computer
    Configuration > Administrative Templates > Printers.
  3. Select and open the “Allow Print Spooler to accept client
    connections” policy.
  4. Select the Disabled option and click on OK.

If you want to re-enable the service, follow the above steps
again and select “Not configured” or “Enabled”. This will
restore the print spooler service and a system reboot is not
required.

Remember that these steps should be followed only if you’re
planning to skip the out-of-band update.
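
The decision described above (install the update, and disable the spooler only if you skip it) can be scripted for a fleet check. This is an added PowerShell example, not code from Microsoft or the original article; the KB numbers are the ones listed on this page, and the -ApplyWorkaround switch name is an assumption of this example.

```powershell
# Added example: report whether a PrintNightmare out-of-band fix is recorded
# on this host and, only if it is missing, apply the spooler workaround.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical switch name: without it the script only reports.
    [switch]$ApplyWorkaround
)

# KB numbers exactly as listed in this article.
$PrintNightmareKBs = @(
    'KB5004945', 'KB5004946', 'KB5004947', 'KB5004949', 'KB5004950',
    'KB5004954', 'KB5004958', 'KB5004953', 'KB5004951', 'KB5004955',
    'KB5004959'
)

# Get-HotFix only lists updates still recorded on the machine. A later
# cumulative update can supersede these KBs, so "not found" means
# "verify the build number", not necessarily "vulnerable".
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $PrintNightmareKBs -contains $_.HotFixID }

# The service may be absent on some server installations.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

$report = [pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    FixInstalled   = [bool]$installed
    InstalledKBs   = ($installed.HotFixID -join ', ')
    SpoolerStatus  = if ($spooler) { $spooler.Status } else { 'NotPresent' }
    SpoolerStartup = if ($spooler) { $spooler.StartType } else { 'NotPresent' }
}
$report

# Apply the workaround only when asked to, and only on unpatched hosts.
if (-not $report.FixInstalled -and $ApplyWorkaround -and $spooler) {
    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
        Get-Service -Name Spooler | Select-Object Name, Status, StartType
    }
}
```

Run it from an elevated PowerShell session; adding -WhatIf alongside -ApplyWorkaround previews the change without stopping the service.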

Microsoft is currently not aware of any new issues in the
emergency patch.

For remaining supported versions of Windows like version 1903,
Microsoft is planning to release the emergency patch in the
coming days.

If you skip today’s patch, you’ll receive the same fix in
July’s Patch Tuesday updates, which will begin rolling out next
week (July 13).

The upcoming July Patch Tuesday update is also expected to
include a fix for Windows 10’s blurry taskbar bug and issues with
the News and interests feed. It will also resolve another bug
affecting the performance (FPS and graphics quality) of some games,
such as Call of Duty and PlayerUnknown’s Battleground (PUBG).

About the Author: admin
