UPDATE:The latest Microsoft Security Update patch has failed to completely fix PrintNightmare, Dan Goodin reported for Ars Technica this morning.
An emergency patch Microsoft issued on Tuesday fails to fully fix a critical security vulnerability in all supported versions of Windows that allows attackers to take control of infected systems and run code of their choice, researchers said. MORE@ArsTechnica
The latest Microsoft Windows Security Update CVE-2021-34527 is necessary to protect for PrintNightmare. Microsoft is urging Windows users to immediately install an update after security researchers found a serious vulnerability in the operating system.
The security flaw, known as PrintNightmare, affects the Windows Print Spooler service. Researchers at cybersecurity company Sangfor accidentally published a how-to guide for exploiting it.
Microsoft (MSFT) warned that hackers that exploit the vulnerability could install programs, view and delete data or even create new user accounts with full user rights. That gives hackers enough command and control of your PC to do some serious damage.
Microsoft Windows Security Update
July 6, 2021–Today Microsoft released an Out-of-Band (OOB) security update for CVE-2021-34527, which is being discussed externally as PrintNightmare. This is a cumulative update release, so it contains all previous security fixes and should be applied immediately to fully protect your systems.
The fix that we released today fully addresses the public vulnerability, and it also includes a new feature that allows customers to implement stronger protections. See: KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates
Please note that not all versions of the update are available today as some packages are not quite ready for release. We feel that it is important to provide security updates as quickly as possible for systems that we can confidently protect today. Unfortunately, security updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 will be delayed for a short period, but they are expected soon.
A full listing of available update packages is in the Security Updates table in the CVE:
