by Microsoft has released a new critical security vulnerability with CVSS V3.1 Score 9.8 for the Windows Print Spooler service that will cause remote code execution. Security vulnerabilities related to Print Spooler started with “CVE-2021-36936“. Below is other published security vulnerabilities related to this situation, sometimes referred to as PrintNightmare.
- CVE-2021-34527
- CVE-2021-34481
- CVE-2021-36936
- CVE-2021-36947
- CVE-2021-34483
- CVE-2021-36958
Affected Systems
Windows Operating Systems/Windows Print Spooler products are affected.
Solution and CVE/CWE
- As a short-term solution, you can turn off the Print Spooler service until new patches are released.
- It is recommended to download and install the following patches published regarding the CVE-2021-36936 vulnerability. You can also install patches for other Vulnerabilities mentioned in the Description section.
CVE/CWE: CVE-2021-36936
| Product | Article | Security Patch |
|---|---|---|
| Windows Server 2012 R2 (Server Core installation) | 5005076 | Monthly Rollup |
| Windows Server 2012 R2 (Server Core installation) | 5005106 | Security Only |
| Windows Server 2012 R2 | 5005076 | Monthly Rollup |
| Windows Server 2012 R2 | 5005106 | Security Only |
| Windows Server 2012 (Server Core installation) | 5005099 | Monthly Rollup |
| Windows Server 2012 (Server Core installation) | 5005094 | Security Only |
| Windows Server 2012 | 5005099 | Monthly Rollup |
| Windows Server 2012 | 5005094 | Security Only |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005088 | Monthly Rollup |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005089 | Security Only |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005088 | Monthly Rollup |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005089 | Security Only |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005090 | Monthly Rollup |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005095 | Security Only |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005090 | Monthly Rollup |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005095 | Security Only |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005090 | Monthly Rollup |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005095 | Security Only |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005090 | Monthly Rollup |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005095 | Security Only |
| Windows RT 8.1 | 5005076 | Monthly Rollup |
| Windows 8.1 for x64-based systems | 5005076 | Monthly Rollup |
| Windows 8.1 for x64-based systems | 5005106 | Security Only |
| Windows 8.1 for 32-bit systems | 5005076 | Monthly Rollup |
| Windows 8.1 for 32-bit systems | 5005106 | Security Only |
| Windows 7 for x64-based Systems Service Pack 1 | 5005088 | Monthly Rollup |
| Windows 7 for x64-based Systems Service Pack 1 | 5005089 | Security Only |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005088 | Monthly Rollup |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005089 | Security Only |
| Windows Server 2016 (Server Core installation) | 5005043 | Security Update |
| Windows Server 2016 | 5005043 | Security Update |
| Windows 10 Version 1607 for x64-based Systems | 5005043 | Security Update |
| Windows 10 Version 1607 for 32-bit Systems | 5005043 | Security Update |
| Windows 10 for x64-based Systems | 5005040 | Security Update |
| Windows 10 for 32-bit Systems | 5005040 | Security Update |
| Windows Server, version 20H2 (Server Core Installation) | 5005033 | Security Update |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005033 | Security Update |
| Windows 10 Version 20H2 for 32-bit Systems | 5005033 | Security Update |
| Windows 10 Version 20H2 for x64-based Systems | 5005033 | Security Update |
| Windows Server, version 2004 (Server Core installation) | 5005033 | Security Update |
| Windows 10 Version 2004 for x64-based Systems | 5005033 | Security Update |
| Windows 10 Version 2004 for ARM64-based Systems | 5005033 | Security Update |
| Windows 10 Version 2004 for 32-bit Systems | 5005033 | Security Update |
| Windows 10 Version 21H1 for 32-bit Systems | 5005033 | Security Update |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005033 | Security Update |
| Windows 10 Version 21H1 for x64-based Systems | 5005033 | Security Update |
| Windows 10 Version 1909 for ARM64-based Systems | 5005031 | Security Update |
| Windows 10 Version 1909 for x64-based Systems | 5005031 | Security Update |
| Windows 10 Version 1909 for 32-bit Systems | 5005031 | Security Update |
| Windows Server 2019 (Server Core installation) | 5005030 | Security Update |
| Windows Server 2019 | 5005030 | Security Update |
| Windows 10 Version 1809 for ARM64-based Systems | 5005030 | Security Update |
| Windows 10 Version 1809 for x64-based Systems | 5005030 | Security Update |
| Windows 10 Version 1809 for 32-bit Systems | 5005030 | Security Update |
Note: Those with a CVSS 3.1 score (out of 10) 7.0-8.9 are considered “high”, those with 9.0-10.0 are considered “critical” vulnerabilities.
Reference:
