Microsoft Patch Tuesday Includes Fix for Actively Exploited Vulnerability
On Tuesday, August 10, Microsoft released fixes for 44 security issues. The batch includes patches for three security issues affecting Windows Print Spooler. One of the flaws (CVE-2021-36948), a privilege elevation issue affecting the Windows Update Medic Service, is being actively exploited.
The latest PrintNightmare patch does reduce functionality by no longer allowing users to provide print drivers. But even with this change in functionality, the print nightmare isn’t over yet. A new print spooler-related vulnerability was disclosed, including a PoC exploit, affecting clients that connect to compromised print servers. The vulnerability could be used for local privilege escalation (e.g., an attacker sets up a malicious print server and connects to it from a compromised system in order to escalate privileges there). At the same time, older PrintNightmare issues are actively used by ransomware gangs.
Microsoft now enforces the requirement for admin rights to install print drivers rather than leaving it as an optional second step. The Windows Update Medic Service is a new service that helps repair Windows Update when it breaks so users continue to receive updates, removing the long string of workarounds previously needed to fix it. That fix alone makes the update worth deploying.
Read more in
KrebsOnSecurity: Microsoft Patch Tuesday, August 2021 Edition
Threatpost: Actively Exploited Windows Zero-Day Gets a Patch