Microsoft has pushed an emergency fix through its update channels that partially fixes the security flaw in the PrintSpooler service. As per reports, the patch still seems to be incomplete and the vulnerability can still be exploited locally.
The fixes have been released for Windows versions 7 and up, as well as Windows Server 2008 SP2. Detailed instructions on how to install these updates are available on Windows Support. Windows 10 users simply need to download the update using 'Windows Update' in the settings menu.
Microsoft has also said that updates for Windows 10 version 1607, Windows Server 2016 and Windows Server 2012 will be coming soon.
As Bleeping Computer pointed out, these patches so far only seem to fix the remote code execution which means a threat actor could still theoretically gain access to a system network locally.
Hacker Fantastic tweeted that the fix only addresses the remote vector.
The Microsoft fix released for recent #PrintNightmare vulnerability addresses the remote vector - however the LPE variations still function. These work out of the box on Windows 7, 8, 8.1, 2008 and 2012 but require Point&Print configured for Windows 2016,2019,10 & 11(?). https://t.co/PRO3p99CFo— Hacker Fantastic (@hackerfantastic) July 6, 2021
Microsoft has also urged customers who cannot install this fix to check the FAQ and mitigation sections for these vulnerabilities.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
