PrintNightmare: New Emergency Patch for Windows 10

Although Microsoft did not plan to release its security patches until next week, the severity of the PrintNightmare vulnerability has forced it to release an off-cycle patch. This bug, registered as CVE-2021-34527, allows an attacker to execute code with SYSTEM privileges on any affected system through the printing services. In addition to being very serious, this flaw has public exploits in circulation and is being actively exploited by attackers. For this reason, it is vital that we update our computers as soon as possible to eliminate this flaw… more or less.

Although Microsoft has rushed to release this patch as soon as possible to protect its users, the patch is incomplete. It is a partial fix that prevents the vulnerability from being exploited remotely, but the flaw can still be used to gain SYSTEM privileges locally. Be that as it may, we must install the update as soon as possible so that our PC is not put at risk by this flaw.

KB5004945: the patch to fix PrintNightmare

For the past few hours, Windows 10 users have been receiving Microsoft's new patch for this vulnerability through Windows Update. Depending on the version of Windows we have installed, the patch arrives under a different KB number, but they all serve the same purpose:

  • KB5004945: Windows 10 version 2004 / 20H2 / 21H1.
  • KB5004946: Windows 10 version 1909.
  • KB5004947: Windows 10 version 1809 and Server 2019.
  • KB5004949: Windows 10 version 1803.
  • KB5004950: Windows 10 version 1507.
  • KB5004954: Windows 8.1 and Server 2012.
  • KB5004953: Windows 7 and Server 2008.
  • KB5004955: Windows Server 2008 SP2.

Of course, we must bear in mind that some of the patches have not yet been released through Windows Update, as is the case with version 1803 of the operating system, or the patches for versions not listed above, such as 1607. These patches will arrive in the next few hours for those of us who use any of these versions.

This update will be mandatory for all users, and will be downloaded and installed automatically in the background like any other security patch. After installing it, the computer must be restarted for the changes to be applied correctly. Once that is done, our PC will be protected against the exploits that used this flaw for remote code execution. But, as we've explained, local privilege escalation will still be possible on these systems, at least for now.

If we need additional protection against this vulnerability, we have two options. The first is to wait for Microsoft to release a full patch to kill PrintNightmare, and the second is to protect ourselves.

Fully mitigate vulnerability

Another way to protect our PC from these attacks is to manually disable the remote printing functions. We can do this from Group Policy, under "Computer Configuration > Administrative Templates > Printers". From there, we double-click the policy "Allow Print Spooler to accept client connections" and set it to "Disabled".

We can also apply the 0patch patch to the system, which corrects the security flaw directly in RAM, without making changes to the operating system files.
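To confirm on a given machine which of the updates listed above is installed and whether the Group Policy mitigation is in effect, a check like the following can be run from PowerShell. This is an added example, not Microsoft's or the article's own code; the function name is hypothetical, and it assumes the policy is stored as the registry value RegisterSpoolerRemoteRpcEndPoint (2 = Disabled, 1 = Enabled).

```powershell
# Added example: audit one host for the KBs listed in the article and for the
# "Allow Print Spooler to accept client connections" policy state.
# Assumption (not from the article): the policy is stored as
# RegisterSpoolerRemoteRpcEndPoint under the Printers policy key (2 = Disabled).

$kbs = 'KB5004945', 'KB5004946', 'KB5004947', 'KB5004949',
       'KB5004950', 'KB5004953', 'KB5004954', 'KB5004955'

function Get-PrintNightmareStatus {
    # Updates from the article's list that are present on this host.
    # A later cumulative update can supersede these, so an empty result is a
    # prompt to check the OS build, not proof that the host is unpatched.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
                   Where-Object { $kbs -contains $_.HotFixID } |
                   Select-Object -ExpandProperty HotFixID)

    # Value written by the Group Policy setting; absent means "Not configured".
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $raw = (Get-ItemProperty -Path $key -Name RegisterSpoolerRemoteRpcEndPoint `
                -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint

    if     ($raw -eq 2) { $policy = 'Disabled (remote clients refused)' }
    elseif ($raw -eq 1) { $policy = 'Enabled (remote clients accepted)' }
    else                { $policy = 'Not configured' }

    # The spooler is the affected service; report whether it is running at all.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $status  = if ($spooler) { "$($spooler.Status)" } else { 'Not present' }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        InstalledKBs      = $installed -join ', '
        RemotePrintPolicy = $policy
        SpoolerStatus     = $status
        # Per the article, the patch alone leaves local escalation open,
        # so only patch plus policy counts as the stricter posture.
        PatchedAndLocked  = ($installed.Count -gt 0) -and ($raw -eq 2)
    }
}

Get-PrintNightmareStatus | Format-List
```

The registry value only reflects configuration: after the policy changes, the Print Spooler service has to be restarted for the setting to take effect.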

Be that as it may, the greater our security and protection, the better.