Windows Out-of-Band Update Released to Fix PrintNightmare Vulnerability

Microsoft Releases Emergency Patch for PrintNightmare Flaw

Microsoft has released an emergency security update to fix the weaponized PrintNightmare zero-day vulnerability in the Windows Print Spooler service, which impacts all versions of Windows, including Windows 7 and Windows Server 2008 R2.

Microsoft has confirmed that improper input validation within the RpcAddPrinterDriverEx() function allows this vulnerability to be weaponized. A remote user can send a specially crafted request to the Windows Print Spooler and execute arbitrary code with SYSTEM privileges.

Syxscore Risk Alert

  1. Vendor Severity: Critical
  2. CVSS Severity: 9.9 (Critical)
  3. Attack Vector: Network
  4. Attack Complexity: Low
  5. Privileges Required: Low
  6. User Interaction: None
  7. Scope (Jump Point): Yes

“This is one of the highest priorities of the year to date,” said Rob Brown, Head of Customer Success for Syxsense. “Not only does this impact almost every single operating system by Microsoft, if this is weaponized within your environment, there is the real possibility of those hackers jumping into another technology or applications within your network. Microsoft have also taken the rare step of releasing this update for Windows 7 even if you do not have an ESU extended license.”

How Syxsense Can Help

As always, we recommend performing full testing before live deployment to your devices. The updates are now available within the Syxsense Console.

Syxsense provides that first line of defense against vulnerabilities by automating the patching of all systems. Experience the power of IT management, patch management, and security vulnerability scanning in one powerful solution.
