



A patch that fixes a critical flaw in the Windows Print spooler is now available in Windows 10, version 1607, Windows Server 2012, and Windows Server 2016.

Image: Getty Images / Yuichiro Chino

Microsoft has released a patch to protect all versions of Windows from serious Print Nightmare flaws. On Tuesday, the company deployed a hotfix that covers most, but not all, editions of Windows. On Wednesday, Microsoft patched the rest of the version of Windows, according to an update on the Message Center page.

See also: Checklist: Windows 10 System Protection (TechRepublic Premium)

As of July 7, the new patches will be applied to Windows 10, version 1607, all editions of Windows Server 2012 (including Server Core), and all editions of Windows Server 2016 (including Server Core). is. This means that all 40 types of Windows have been patched for this flaw, including those that are no longer supported by Microsoft, such as Windows 7 and Windows Server 2008.

Pushing patches for all versions of Windows, including unsupported ones, shows how serious Microsoft is taking this vulnerability. As another symptom, the company chose to deploy the patch as an out-of-band update and not wait for the patch to be released on Tuesday.

All individual users should check Windows Update to download and install patches for their version of Windows. Organizations, on the other hand, need to deploy updates through a patch management system. Updates can also be obtained using Windows Server Update Services (WSUS) by searching the Microsoft Update Catalog for a specific knowledge base number for your version of Windows.

Fixing this particular issue with the Windows Print Spooler service was complicated because Microsoft had to patch two different flaws. The first flaw, known as CVE-2021-1675, was fixed by Microsoft’s June 2021 security update. However, the second, more serious flaw still remained.

The second vulnerability, nicknamed PrintNightmare, called CVE-2021-34527, was related to an issue with RpcAddPrinterDriverEx (), a function that allows users to install or update printer drivers. If exploited by an attacker, it can hijack the compromised computer, install software, modify data, and create new user accounts.

The security updates released on July 6th and July 7th include fixes for both flaws. If you are unable to install the update, we recommend that you review the instructions for protecting your system in the FAQ section of CVE-2021-34527. Information about installing new printer drivers after applying the update can be found in Microsoft’s KB5005010 support documentation.

