Microsoft Issues Urgent Security Warning: Update Your Pc Immediately

Here too:

https://www.cnn.com/2021/07/07/tech/microsoft-security-update/index.html

Microsoft has started rolling out an emergency Windows patch to address a critical flaw in the Windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was revealed last week, after security researchers accidentally published proof-of-concept (PoC) exploit code. Microsoft has issued out-of-band security updates to address the flaw, and has rated it as critical as attackers can remotely execute code with system-level privileges on affected machines.

Thank you Jessica

This is so bad they even issued an update for Windows 7. I wonder if this is related to that huge ransomware attack that's mostly in Europe, I think that accesses the print spooler too.

Jessica,

I assume this applies to those that "control" updates and not those that let Microsoft update when needed. I checked my updates and says "Updated" now....

Rich

Rich, the update will be rolling out so you have to check and see.

Susan it said: Researchers at cybersecurity company Sangfor accidentally published a how-to guide for exploiting it. GEEZ!

I stopped the Print Spooler Service since I don't have a printer.

Jessica,

"I stopped the Print Spooler Service since I don't have a printer" .Sounds SMART! But like what is the print spooler, asking for a few hundred friends....

Rich

Rich, The Print Spooler is software built into the Windows operating system that temporarily stores print jobs in the computer’s memory until the printer is ready to print them. This service spools print jobs and handles interactions with the printer. If you turn off this service, you won’t be able to print or see your printers.

I don't have a printer so...

the last update messed up my start up, hope the repairs fixes it again.


----Mike Savad
http://www.MikeSavad.com

OMG, are you serious? How do they "accidentally" publish something like that? I bet it was an unhappy employee seeking revenge or sumthin'.

If you have the patch you don't need to turn your print spooler off, but it doesn't hurt if you don't use it.

Btw, the huge ransomware attack in Europe, etc. gained access through software meant to stop ransomware attacks.

Rich, click the start menu, type the words "update history" without the quotes. Click View Update History. Look for an update for KB5004945. If it's not there, the patch isn't installed. Then just run Check for Updates.

Chuck, Jessica,

First told me I was "up to date", then clicked on Updates and 2 new ones popped up, KB5003537 and KB5004945! Clicked on "Update" and NOW installed, will restart in a few minutes....

Thanks!

Rich

But how do we update it ourselves?

Thanks...I figured out how to do the updates but I don't want to disable the Print Spooler as then I can't print anything.

Rose you don't have to stop it if you install the patch

Thanks...now all I have to do is find and figure out how to install the patch.

Microsoft's incomplete PrintNightmare patch fails to fix vulnerability

Today, as more researchers began modifying their exploits and testing the patch, it was determined that exploits could bypass the entire patch entirely to achieve both local privilege escalation (LPE) and remote code execution (RCE).


https://www.bleepingcomputer.com/news/microsoft/microsofts-incomplete-printnightmare-patch-fails-to-fix-vulnerability/

Still trying to find the patch on Microsofts website...none of these articles seem to link to the actual patch...but reading the link above it sounds like it won't fix it anyways.

Rose, It will be on your computer! Look in your settings and go to 'Update and Security'.

That's where you will find your updates.

Rose,

Just follow Chuck's recipe....even I DID IT RIGHT! LOL!

Rich

i hate it when it shows no new updates... but then you click it and there are like a half dozen things, now installing. as far as i know i'm up to date. we have a few more machines to do later.


----Mike Savad
http://www.MikeSavad.com

Thanks, Chuck, Rich and Jessica...that update was not installed and it says "pending download" but there is no way to download it....only comes up with another possible download "feature update to Windows 10" which failed at downloading...sigh...

Chuck, thanks, you're so helpful. I'm updated but according to Jessica we are still vulnerable. What should we do now? Stay off the computer until there's a fix?

Thank you!! I haven't been up on the news, so glad I popped in. :)

@rose, if you go to the update menu, on the left is something called - troubleshooting. click that then click on additional trouble shooters. then the 4th one down, windows update. this should clear issues to let it download.


----Mike Savad
http://www.MikeSavad.com

Thanks so much for the info Jessica :))

Rose: et al. Don't forget to re-boot !.....Jessica: huge thank you!

Putting myself in 'lockdown' for a while. !

I verified w/ the Microsoft catalogue, Chuck's KB# is correct, tho be aware of your specific version WIN... The update took a little while, though seems resolved.

Does anyone know when FAA allows artists from other countries when there are ransomware/attacks from those countries, what policies are in place to safe guard members?

Question: Msft installed KB5004945, yeah! BUT, please can you tell me IF that addresses the Printer issues?

Apparently it does not. And it's not printer issues really, it's a very nasty virus that takes control of your system through the print spooler. I expect they'll have a working patch out in the next day or two.

tHANKS, Susan. I wait in the usual trepidation about Msft, the invader!!!!!!!!!!!!!!!!!!

Step 1: Make sure you have installed Microsoft’s June 2021 emergency security update. This patches one of two major loopholes in the Windows Print Spooler system. Download the version for your system here; all options are listed under “Security Updates.

Step 2: Unfortunately, there is no patch yet for the second loophole, so Microsoft and the federal Cybersecurity and Infrastructure Security Agency are advising people to disable Windows Print Spooler when it’s not being used for printing. Follow the instructions listed under “Workarounds” here. It involves some coding magic via PowerShell, a program which you can download here.

https://docs.microsoft.com/en-us/windows/release-health/windows-message-center?ranMID=24542&ranMID=24542&ranEAID=je6NUbpObpQ&ranSiteID=je6NUbpObpQ-rY6XWqFEFEjcS98VNCG2Jg&epi=je6NUbpObpQ-rY6XWqFEFEjcS98VNCG2Jg&irgwc=1&OCID=AID2200057_aff_7593_1243925&tduid=%28ir__ioco9zf6fokfq2pozgtihqsbzm2xubhd3tv29ksq00%29%287593%29%281243925%29%28je6NUbpObpQ-rY6XWqFEFEjcS98VNCG2Jg%29%28%29&irclickid=_ioco9zf6fokfq2pozgtihqsbzm2xubhd3tv29ksq00

Good link Jessica.

Folks I would still install the patch. While it appears not to be a complete fix, the exploits in the wild for this are focused on domain joined Windows machines, the idea that a hacker can take over a Windows computer network, in particular a Domain Controller which has the keys to the kingdom in a Windows network.

If you are using Windows Home and not Pro or higher, this is not nearly as big of a deal. Windows Home does not have “remote authenticated users”, so the vulnerability is not as severe as a domain joined computer.

More information...

https://www.askwoody.com/2021/print-nightmare-is-going-to-be-a-nightmare/
https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/
https://www.kaspersky.com/blog/printnightmare-vulnerability/40520/

Yup, half a fix is better than no fix. I still run Windows 7 Enterprise, so I'm glad they decided to support it through this.

Chuck, you're just the best. (You too Jessica!)

Hey Jenny & Chuck, is there a way to EMPTY our printer spool cache? Thx GJ

Thank you Chuck! I feel better now!

How to enable or disable Print Spooler Service on Windows 10

https://www.thewindowsclub.com/enable-or-disable-print-spooler-service

Yeah! Finally...it updated correctly...had to move and delete some stuff from my C/Hard drive as apparently it didn't have enough room to update. Thank you EVERYONE for your patience and instructions on how to get that needed update...and, phew, everything still works. I always get a bit worried when Windows updates things!

Has anyone disabled their Print Spooler yet. If you disable it, does that mean you can't print from the internet or your computer?

I don't think you can print at all if turned off.

Mike ... are you turning yours off? We use our printer frequently to just print stuff here at home or to print something off the net.

I simply updated windows.

I turned mine off when I learned the update only half fixes the problem, since I rarely print. I think the print spooler restarts on its own if you restart your computer, tho.

I don't know if this has to do with it, but I did a windows check for updates yesterday and it said it didn't find any updates, then suddenly yesterday afternoon my computer started have a lots of issues. It suddenly stopped reading "some" my raw .ARW files when I try to open them from File Explorer which opens the photo in Microsoft Photos. It's reading my older .ARW camera files but not my Sony A99ii files. Also, it works fine if I open the Photos program directly and then view from there which is odd.

When opening from explorer it would briefly shot photo preview then disappears saying I needed to install an extension. Thought it was weird but tried to open Microsoft store and it won't open. Double checked that my Sony Raw reader file was installed, reran it to reinstall, still having issue. Did a restore back to a restore point a couple days ago and it made things worse. Said my intel graphics command wouldn't work and it would let me open any photo file, not even jpeg. Said invalid registry so went back to restore and undid it. Still had graphic command issue along with a couple more issues but back to it only reading part of my .ARW files.

Gave up last night. This am when I booted computer, the graphics command issue and another issue didn't happen, but I discovered my Windows Security app won't open either. It opens but it's just a white box with the blue title bar on top and I can see the 3 line menu bars but doesn't do anything when click it. So I can't even scan my computer to make sure I don't have a virus and can't open store to troubleshoot. I'm back to checking for windows updates and it's been scanning for a good 20 mins which is unusual? Usually it inly takes a couple mins to let me know if I need to update?

It finally fished the check for updates and it says I'm up to date. I looked up the history and I don't see the KB5004945 listed. But it keeps telling me I'm up to date so what do I do?

Jennifer are you on Windows 10 and which version? It will tell you in your update history

So if they said so..where is the patch for windows7?

I'm on 10. My update history is not showing that update. I've scanned it 4 times to check for updates and it keeps telling me I'm up to date. I went through the manual option of going through and stopping the spooler.

Then I went to cmd, and ran a scan. It found some errors and fixed them. I rebooted and now I'm able to open the Windows security app. I ran a quick scan and it didn't find any issues. But I still can't open the microsoft store and it's still not reading all of my .arw files? Keeps telling me to install the extension which I have to get in the store but it after you click the store it opens but then doesn't do anything.


Ughhh....I don't have time for this. I need to be working on client photos. Always happens at the worst times.

Thank you for letting us know this, Jessica. I checked both my computers and the updates had already happened automatically. I did have to reboot, but it's done.

Something else that is strange is yesterday when I did a restore, there was an automatic restore point taking me back to before a windows update on 7/5. But when I look at my history, there isn't anything showing up after 6/30. Not even my virus update which was updated yesterday according to the program when I finally just now got it to open. I wonder if it's there but not showing?

It's still not resolving why my newer camera raw .arw files suddenly stopped opening and why it's requiring I download and extension from Microsoft store which won't open. I've even done a reset on it too.

If it's any consolation, based on what I've read this doesn't sound like Printnightmare. Unfortunately, that doesn't mean you're not infected with something else. You might want to try installing different virus software.

Thanks Susan. I guess it is different.

I started working with Microsoft shortly after my last message. They did the remote computer thing and she couldn't resolve my issues. She told me I had to do a windows 10 reinstall upgrade. She couldn't even get the media creation tool iso to work when she was trying to get the upgrade to download. It was freezing on her. She finally went deep into the system and got it to install. Due to it going to take a while, we disconnected chat and screen sharing. Right after windows 10 update downloaded (didn't even install yet) it said it was checking for updates and it's been stuck on that for over an hour now. Ughh..... Now I'm trying to get back into chat with microsoft and they are backlogged. Been on hold for 30 mins. I'm afraid to stop it bc it might mess up something and it took her 30 mins just to get the download to even start.

There's a Windows Defender update out, at least for Win7 Enterprise. I imagine it's available for other versions as well.

Apparently my issue is somewhat tied to this printnightmare thing according to Microsoft support person I worked with today. I guess it has other issues with it too. I've been working with them all day Friday and most of today. We've reinstalled Windows 10 and still having same issues. (Can't open my newer.arw files bc of issues with Microsoft photos program, but does open older ones, Can't do a windows update, can't update virus definitions, can't open microsoft store. Basically can't update or repair anything that is microsoft or windows related).

Anyone else with this issue?

Jennifer, what version of windows 10 are you on? Is it 21H1 or what? Do you download regular updates?

You can check your View Update History

If by chance someone has knowledge about the patch for Windows 7, please post it here.

You can get it via an out of band monthly rollup.

https://support.microsoft.com/en-us/topic/july-6-2021-kb5004953-monthly-rollup-out-of-band-b0e3bd48-924b-45c5-8b54-d8317aa62901

You may need to extend the security updates with the following from the Update Catalog:

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4575903

Install the update for your version of windows, restart and check for updates.

Okay, thank you.

Thanks

I should mention that you may also need to update the SSU:

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4592510

After the necessary updates, you can get the patch from the Update Catalog also:

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004953

Support for Windows 7 ended on January 14, 2020.

If you are still using Windows 7, your PC may become more vulnerable to security risks. -Microsoft

That suggests to me there is no patch.

Floyd, Despite announcing that it would no longer issue updates for Windows 7, Microsoft issued a patch for its 12-year old operating system, underscoring the severity of the PrintNightmare flaw.

Jessica,

Yes, there's a patch but it doesn't always work. You may get error messages or be told to go elsewhere for a different update before the patch can be installed. That update may or may not work.

I got an update for Win7 Enterprise Floyd, and then one for Defender on the same OS.

Well, that is good to hear. Not often I hear of something that impresses me about Microsoft...

I have three Windows 7 machines still in service. Never have done an upgrade on any of them. Never had a problem either. But I only use each one for one task only, nothing else.

For the record a third vulnerability on the print spooler was found. No patch so far. You can still disable the spool service if you don't need it.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481

Alexios, Yes, I disabled it since I don't use a printer.

Jessica, I don't know about Win10, but in Win7 it turns back on when you reboot. I know you can turn it off permanently but I haven't looked to see if I can figure that out yet. Anyway you might want to check yours if you have restarted since you first turned it off.

Susan, there is stop and there is disable. If you just stop it, then when you reboot, it comes back, If you disable, then it says that way.

New Win7 security update just came in a few seconds ago, I image for Win10 as well.

Thanks Jess!

Did the latest big update for WIN10 automatically erase all cookies every night? Every time I sign in to old sites, like the bank, etc. always get asked to sign in, which I never had to before....

Rich

Didn't happen to me on Win7. Might depend on which browser you use.

Which update, Rich? What version?

Jessica,

After the last update, KB5004237 or so.

Rich