Earlier last week, Microsoft acknowledged that it was investigating a critical vulnerability in Windows 10 that when exploited could let attackers run arbitrary code on the victim’s system. The vulnerability, tracked under CVE-2021-34527, is present in the Windows Print Spooler service and is termed print "PrintNightmare" that can allow for remote code execution (RCE). As the vulnerability was still being investigated, the Redmond firm listed two possible workarounds to mitigate the risks caused by the bug.
Today, the firm has provided an update in the Microsoft Security Response Center (MSRC) listing for the vulnerability noting that it is rolling out a patch for the latest Windows 10 versions to address the issue. The update, KB5004945, is currently rolling out to the three most recent Windows 10 versions, 2004, 20H2, and 21H1, bumping them to Windows 10 builds 19041.1083, 19042.1083, and 19043.1083, respectively. Since these versions are based on the same codebase, the updates are identical for all the versions. The changelog and documentation for the update are yet to go live.
Considering that these are security updates to fix a critical vulnerability, they are mandatory updates and are downloaded automatically through Windows Update. Users can also manually download the patch from the Update Catalog here. Future patches, such as the upcoming Patch Tuesday updates, will contain these fixes.
There is no word from the firm on how the vulnerability affects older versions of the OS, though it notes that it has completed the investigation of the issue. The updates today are only rolling out to the three most recent and fully supported Windows 10 versions, but it will not be surprising to see a patch being made available for older versions still being supported for Enterprise and Education customers sooner, as the firm notes that supported Windows versions that do not receive an update today will get one "shortly after July 6".
For those unaware, the PrintNightmare vulnerability is caused by the Print Spooler service not restricting access to a function that is used to install printer drivers remotely. An attacker that gains unrestricted access can execute arbitrary code with SYSTEM privileges, examples of which are already available on the web. Considering the severity of the vulnerability, it is best for all users to update to the latest build as soon as possible.