Microsoft warns of Windows ‘PrintNightmare’ vulnerability that’s being actively exploited

Microsoft is warning Windows users about an unpatched critical flaw in the Windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was uncovered earlier this week after security researchers accidentally published a proof-of-concept (PoC) exploit. While Microsoft hasn’t rated the vulnerability, it allows attackers to remotely execute code with system-level privileges, which is as critical and problematic as you can get in Windows.

https://www.theverge.com/2021/7/2/22560435/microsoft-printnightmare-windows-print-spooler-service-vulnerability-exploit-0-day

Me too -- I unset my postpone 7 days and it offered two downloads; did them and it went to update/restart now and all seems OK.

Plenty of time yesterday waiting for the Hurricane ELSA to go by us ..... which it did during the middle of the night but well off-shore!

Norton works on the weather too? <g>

Release Notes are now available.

https://support.microsoft.com/en-us/topic/july-6-2021-kb5004945-os-builds-19041-1083-19042-1083-and-19043-1083-out-of-band-44b34928-0a71-4473-aa22-ecf3b83eed0e

Getting the update installed now. 

https://www.bleepingcomputer.com/news/security/microsoft-pushes-emergency-update-for-windows-printnightmare-zero-day/

Point of concern - The buggy code behind this remote code execution bug (tracked as CVE-2021-34527) is present in all versions of Windows, with Microsoft still investigating if the vulnerability can be exploited on all of them.

Guess if you're still using an older OS, you'll need to disable the Print Spooler Service.  

 

FYI!! It appears 0patch has an "unofficial" micropatch for the issue. https://www.bleepingcomputer.com/news/security/actively-exploited-printnightmare-zero-day-gets-unofficial-patch/

SA
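
The Print Spooler workaround mentioned above, as an added PowerShell example that is not part of the original thread: it reports the Spooler service state and whether the KB named in the release notes link is present, and stops and disables the service only when asked to. The parameter names `-DisableSpooler` and `-KbId` are choices made for this example; run it from an elevated session.

```powershell
# Added example, not from the thread. Save as a .ps1 file and run elevated.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption for this example: opt-in switch so the default run is read-only.
    [switch]$DisableSpooler,
    # KB from the release notes linked in the thread (builds 19041/19042/19043).
    [string]$KbId = 'KB5004945'
)

# Current state of the Print Spooler service and its configured start mode.
$svc       = Get-Service -Name Spooler -ErrorAction Stop
$startMode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'").StartMode

# Get-HotFix returns nothing when the KB is not listed. A later cumulative
# update can supersede this KB, so "not listed" means "check further",
# not necessarily "unpatched".
$hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

# Emit one object per machine so results can be collected and compared.
[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    OSVersion        = [System.Environment]::OSVersion.Version.ToString()
    SpoolerStatus    = $svc.Status
    SpoolerStartMode = $startMode
    KbListed         = [bool]$hotfix
}

# Apply the workaround only when requested and the KB is not listed.
# Printing (local and remote) stops working while the service is disabled.
if ($DisableSpooler -and -not $hotfix) {
    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
}
```

Adding `-WhatIf` alongside `-DisableSpooler` shows what would be changed without touching the service.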

Done on all my machines. Hoping for a fix by the time the July patches are released. Most likely an OOB update later will take care of it.

Edited: Can you imagine the headaches for a managed service provider, much less an enterprise IT team? 

SA