Microsoft issues urgent security warning: Update your PC immediately

Microsoft is urging Windows users to immediately install an update
after security researchers found a serious vulnerability in the
operating system.

The security flaw, known as PrintNightmare, affects the Windows Print
Spooler service. Researchers at cybersecurity company Sangfor
accidentally published a how-to guide for exploiting it.

The researchers tweeted in late May that they had found
vulnerabilities in Print Spooler, which allows multiple users to
access a printer. They published a proof-of-concept online by mistake
and subsequently deleted it - but not before it was published
elsewhere online, including developer site GitHub.

Microsoft warned that hackers that exploit the vulnerability could
install programs, view and delete data or even create new user
accounts with full user rights. That gives hackers enough command and
control of your PC to do some serious damage.

Windows 10 is not the only version affected -- Windows 7, which
Microsoft has ended support for last year, is also subject to the
vulnerability.

Despite announcing that it would no longer issue updates for Windows
7, Microsoft issued a patch for its 12-year-old operating system,
underscoring the severity of the PrintNightmare flaw. Updates for
Windows Server 2016, Windows 10, version 1607, and Windows Server 2012
are "expected soon," it said.

"We recommend that you install these updates immediately," the company
said.

<https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-warning-update-your-pc-immediately>

On 7/12/2021 10:00 PM, Michael Trew wrote:
> Microsoft issues urgent security warning: Update your PC immediately
>
>
> Microsoft is urging Windows users to immediately install an update
> after security researchers found a serious vulnerability in the
> operating system.
>
> The security flaw, known as PrintNightmare, affects the Windows Print
> Spooler service. Researchers at cybersecurity company Sangfor
> accidentally published a how-to guide for exploiting it.
>
> The researchers tweeted in late May that they had found
> vulnerabilities in Print Spooler, which allows multiple users to
> access a printer. They published a proof-of-concept online by mistake
> and subsequently deleted it - but not before it was published
> elsewhere online, including developer site GitHub.
>
> Microsoft warned that hackers that exploit the vulnerability could
> install programs, view and delete data or even create new user
> accounts with full user rights. That gives hackers enough command and
> control of your PC to do some serious damage.
>
> Windows 10 is not the only version affected -- Windows 7, which
> Microsoft has ended support for last year, is also subject to the
> vulnerability.
>
> Despite announcing that it would no longer issue updates for Windows
> 7, Microsoft issued a patch for its 12-year-old operating system,
> underscoring the severity of the PrintNightmare flaw. Updates for
> Windows Server 2016, Windows 10, version 1607, and Windows Server 2012
> are "expected soon," it said.
>
> "We recommend that you install these updates immediately," the company
> said.
>
> <https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-warning-update-your-pc-immediately>
>
>
Any idea of where the update is for Windows 7? The article doesn't seem
to say.

--
Jo-Anne

Jo-Anne wrote:

>> "We recommend that you install these updates immediately," the company
>> said.
>>
>> <https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-warning-update-your-pc-immediately>
>>
> Any idea of where the update is for Windows 7? The article doesn't seem
> to say.

https://www.digitaltrends.com/computing/how-to-fix-print-nightmare-on-windows-right-now/

Windows 11 = 22000.65
Windows 8.1 = KB5004954
Windows 7 = KB5004953

But if you look at this right now, it's a bit of a mess. This is what
they used on the above site to find these. This link won't be valid
a month from now, and it still raises the question, which patch
happened in which month. Now, these are cumulative, but
why has a Windows 7 patch (without the word Embedded in it),
been offered month after month ? Seeing what this coughed up,
is more troubling than downloading the patch.

https://www.catalog.update.microsoft.com/Search.aspx?q=security%20monthly%20quality%20rollup%20%22windows%207%22

What I had hoped to find when going there, is that the x86 and the x64
patches would have different KB numbers, and then I would just
copy and paste the appropriate ones. But by using the same KB number,
and putting multiple entries in the catalog listing, it would be
a lot more work to copy some .msu to give a precise enough answer.

As hard as I try, I just can't prune that fucking list. I can't use
"-embedded" to remove the Embedded versions.

security monthly quality rollup 2021-07

https://www.catalog.update.microsoft.com/Search.aspx?q=security%20monthly%20quality%20rollup%202021-07%20

Anyway, enough griping. Here's a list.

*******

2021-07 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB5004953) 375,405,645 bytes

http://download.windowsupdate.com/d/msdownload/update/software/secu/2021/07/windows6.1-kb5004953-x64_62d21485a29cad041230e4c647baeaeacc09ac7c.msu

2021-07 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB5004953) 249,086,473 bytes

http://download.windowsupdate.com/d/msdownload/update/software/secu/2021/07/windows6.1-kb5004953-x86_076aed0ffca7ef0c30d6e4dfda0346f6b319f448.msu

*******

2021-07 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB5004954) 558,526,618 bytes

http://download.windowsupdate.com/c/msdownload/update/software/secu/2021/07/windows8.1-kb5004954-x64_691dc48f8697e7dd2d138d8c6ac2a92d27927467.msu

2021-07 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems (KB5004954) 364,345,778 bytes

http://download.windowsupdate.com/d/msdownload/update/software/secu/2021/07/windows8.1-kb5004954-x86_fabac48b8c90b1cbd76fb14d0a89515e957e246c.msu

Paul

Jo-Anne <Jo-Anne@nowhere.com> wrote:

> Michael Trew wrote:
>
>> Microsoft issues urgent security warning: Update your PC immediately
>> <Print Nightmare fix>
>> <https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-warning-update-your-pc-immediately>
>
> Any idea of where the update is for Windows 7? The article doesn't seem
> to say.

Looks like it is KB5004945 for Windows 10, but the KB update varies by
OS version; see:

https://www.digitaltrends.com/computing/how-to-fix-print-nightmare-on-windows-right-now/

They say it is KB5004953 for Windows 7. They also say the fix should be
available using the Windows Update client (instead of having to search
the Update Catalog site). Did you try using the WU client?

On Tue, 13 Jul 2021 at 04:06:56, Paul <nospam@needed.invalid> wrote (my
responses usually follow points raised):
>Jo-Anne wrote:
>
>>> "We recommend that you install these updates immediately," the company
>>> said.
>>>
>>>
>>><https://www.ksl.com/article/50203184/microsoft-issues-urgent-security
>>>-warning-update-your-pc-immediately>
>> Any idea of where the update is for Windows 7? The article doesn't
>>seem to say.
[]
> Windows 7 = KB5004953
>
>But if you look at this right now, it's a bit of a mess. This is what
>they used on the above site to find these. This link won't be valid
>a month from now, and it still raises the question, which patch
>happened in which month. Now, these are cumulative, but
>why has a Windows 7 patch (without the word Embedded in it),
>been offered month after month ? Seeing what this coughed up,
>is more troubling than downloading the patch.

(What do you mean by "offered"? The only thing I've seen through the
normal update system [I have it set to "tell me but let me choose"] is
the regular MSRT.)
[]
>Anyway, enough griping. Here's a list.
>
>*******
>
>2021-07 Security Monthly Quality Rollup for Windows 7 for x64-based
>Systems (KB5004953) 375,405,645 bytes
>
>http://download.windowsupdate.com/d/msdownload/update/software/secu/2021
>/07/windows6.1-kb5004953-x64_62d21485a29cad041230e4c647baeaeacc09ac7c.ms>u
>
>2021-07 Security Monthly Quality Rollup for Windows 7 for x86-based
>Systems (KB5004953) 249,086,473 bytes
[]
I had (on the 8th, so about 5 days ago) burrowed my way down to that
last one (I'm on 7-32). But when I press enter on it, I get "Preparing
the installation..." then "Searching for updates on this computer ..."
[which takes a while - why? Surely it should know where to look, and
know what it's looking for? If I search for a filename with Everything,
it finds it in a lot less time, and that's _without saying where!], then
"The Windows Modules Installer must be updated before you can install
this package. Please <update the Windows Modules Installer on your
computer>, then retry Setup. \\ OK".

(I did follow the link, eventually getting [Windows Modules Installer]
Update for Windows 7 (KB2533552), which tells me "Update for Windows
(KB2533552) is already installed on this computer." Maybe I found the
wrong thing.)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"I'm very peachable, if people know how to peach" - Sir David Attenborough (on
being asked if he was tired of being described as impeachable), on Desert
Island Discs, 2012-1-29.

On Tue, 13 Jul 2021 at 04:47:50, VanguardLH <V@nguard.LH> wrote (my
responses usually follow points raised):
>Jo-Anne <Jo-Anne@nowhere.com> wrote:
>
>> Michael Trew wrote:
>>
>>> Microsoft issues urgent security warning: Update your PC immediately
[]
>> Any idea of where the update is for Windows 7? The article doesn't seem
>> to say.
>
>Looks like it is KB5004945 for Windows 10, but the KB update varies by
>OS version; see:
>
>https://www.digitaltrends.com/computing/how-to-fix-print-nightmare-on-wi
>ndows-right-now/

(Why do web pages now tend to have bigger and bigger blank banners at
the top? When I load that one, I have to scroll down before I see _any_
content! OK, </rant>.)
>
>They say it is KB5004953 for Windows 7. They also say the fix should be

(See my reply to Paul's post for my experience with that.)

>available using the Windows Update client (instead of having to search
>the Update Catalog site). Did you try using the WU client?

I (W7-32, Home) get the green shield with tick, "Windows is up to date)
There are no updates available for your computer.
Most recent check for updates: Today at 1:48
Updates were installed: 2021-6-9 at 1:6. <View update history>"

If I click on View, the last seven updates - one a month - are just the
MSRT (KB890830), versions 5.84 to 5.90. No sign of 5004953.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"I'm very peachable, if people know how to peach" - Sir David Attenborough (on
being asked if he was tired of being described as impeachable), on Desert
Island Discs, 2012-1-29.

On Tue, 13 Jul 2021 01:22:46 -0500, Jo-Anne <Jo-Anne@nowhere.com>
wrote:

>On 7/12/2021 10:00 PM, Michael Trew wrote:
>> Microsoft issues urgent security warning: Update your PC immediately
>>
>>
>> Microsoft is urging Windows users to immediately install an update
>> after security researchers found a serious vulnerability in the
>> operating system.
>>
>> The security flaw, known as PrintNightmare, affects the Windows Print
>> Spooler service. Researchers at cybersecurity company Sangfor
>> accidentally published a how-to guide for exploiting it.
>>
>> The researchers tweeted in late May that they had found
>> vulnerabilities in Print Spooler, which allows multiple users to
>> access a printer. They published a proof-of-concept online by mistake
>> and subsequently deleted it - but not before it was published
>> elsewhere online, including developer site GitHub.
>>
>> Microsoft warned that hackers that exploit the vulnerability could
>> install programs, view and delete data or even create new user
>> accounts with full user rights. That gives hackers enough command and
>> control of your PC to do some serious damage.
>>
>> Windows 10 is not the only version affected -- Windows 7, which
>> Microsoft has ended support for last year, is also subject to the
>> vulnerability.
>>
>> Despite announcing that it would no longer issue updates for Windows
>> 7, Microsoft issued a patch for its 12-year-old operating system,
>> underscoring the severity of the PrintNightmare flaw. Updates for
>> Windows Server 2016, Windows 10, version 1607, and Windows Server 2012
>> are "expected soon," it said.
>>
>> "We recommend that you install these updates immediately," the company
>> said.
>>
>> <https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-warning-update-your-pc-immediately>
>>
>>
>Any idea of where the update is for Windows 7? The article doesn't seem
>to say.

How-to page.

https://ccm.net/faq/76471-printnightmare-how-to-fix-the-windows-security-bug

"Michael Trew" <mt999999@ymail.com> wrote

| Microsoft issues urgent security warning: Update your PC immediately
|

Once again, problems with allowing remote access to your
computer. That's the real problem.

On Tue, 13 Jul 2021 at 06:48:14, Merle@invalid.com wrote (my responses
usually follow points raised):
>On Tue, 13 Jul 2021 01:22:46 -0500, Jo-Anne <Jo-Anne@nowhere.com>
>wrote:
[]
>>Any idea of where the update is for Windows 7? The article doesn't seem
>>to say.
>
>How-to page.
>
>https://ccm.net/faq/76471-printnightmare-how-to-fix-the-windows-security-bug

Just points to KB5004953 (Rollup, 237 MB) or '4951 (Security Only, 21.1
MB). When I try either of those, I get told to update the Windows
Modules Installer first, which I have not succeeded in doing. (Any
guidance on that [or otherwise implement '4953] would be appreciated.)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Veni, Vidi, Video (I came, I saw, I'll watch it again later) - Mik from S+AS
Limited (mik@saslimited.demon.co.uk), 1998

On Tue, 13 Jul 2021 13:04:53 +0100, "J. P. Gilliver (John)"
<G6JPG@255soft.uk> wrote:

>On Tue, 13 Jul 2021 at 06:48:14, Merle@invalid.com wrote (my responses
>usually follow points raised):
>>On Tue, 13 Jul 2021 01:22:46 -0500, Jo-Anne <Jo-Anne@nowhere.com>
>>wrote:
>[]
>>>Any idea of where the update is for Windows 7? The article doesn't seem
>>>to say.
>>
>>How-to page.
>>
>>https://ccm.net/faq/76471-printnightmare-how-to-fix-the-windows-security-bug
>
>Just points to KB5004953 (Rollup, 237 MB) or '4951 (Security Only, 21.1
>MB). When I try either of those, I get told to update the Windows
>Modules Installer first, which I have not succeeded in doing. (Any
>guidance on that [or otherwise implement '4953] would be appreciated.)

I'm guilty of not reading it fully. I've stuck with XP for the years,
so I really wasn't that involved.

I also looked all over out of mere curiosity and couldn't find that
dang update

I think those article writers couldn't find it, too,. :o)

Mayayana <mayayana@invalid.nospam> wrote:
> "Michael Trew" <mt999999@ymail.com> wrote
>
> | Microsoft issues urgent security warning: Update your PC immediately
>
> Once again, problems with allowing remote access to your
> computer. That's the real problem.

Indeed. The reports are very unclear about which kind of users are
really at risk and what to do to make sure you don't take any unneeded
risks.

The reports vary from only computers in a domain are at risk, to
'everybody' is at risk.

They don't bother to explain how to make sure that a small home
network - i.e. two or more computers with one or more printers - is
secure, i.e. printers can be used within the LAN, but is safe from
attacks from the WAN.

I tried to check the settings of my (built-in) (8.1) Windows Firewall,
but the terminology is too ambiguous for me and there are too many
Inbound Rules for me to see the forest for the trees.

I don't worry about the PrintNightmare vulnerability, because I do
have the update (and before that I had disabled the Print Spooler
service (that was the only specific and usable advice in the reports)).
But it would be nice if there was a cookbook as to how to configure the
Windows Firewall to not allow any unneeded inbound or outbound
connections.

Another approach would be a trusted sites which 'attacks' your
computer to report any unneeded inbound connections/ports.

Any pointers to these are welcome.

Paul <nospam@needed.invalid> wrote:
> Jo-Anne wrote:
>
> >> "We recommend that you install these updates immediately," the company
> >> said.
> >>
> >> <https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-warning-update-your-pc-immediately>
> >>
> > Any idea of where the update is for Windows 7? The article doesn't seem
> > to say.
>
> https://www.digitaltrends.com/computing/how-to-fix-print-nightmare-on-windows-right-now/

[Report of trip to the moon and back.]

I just followed the "it said." (Microsoft said) link in the KSL.com
article.

That brought me to

'Out-of-Band (OOB) Security Update available for CVE-2021-34527'
<https://msrc-blog.microsoft.com/2021/07/06/out-of-band-oob-security-update-available-for-cve-2021-34527>

And then is was just happy sailing by just following the links.

And yes, that included getting the right (x64/x86 (non-Embedded)) bits
from the Microsoft Update Catalog for those who need those.

N.B. I don't need any of this, because I did get the (8.1) update in
Windows Update, but because people seemed to have problems finding the
right KB-number, etc., I just read the article and followed the links.

[...]

"Frank Slootweg" <this@ddress.is.invalid> wrote

| > Once again, problems with allowing remote access to your
| > computer. That's the real problem.
| | Indeed. The reports are very unclear about which kind of users are
| really at risk and what to do to make sure you don't take any unneeded
| risks.
| | The reports vary from only computers in a domain are at risk, to
| 'everybody' is at risk.
| | They don't bother to explain how to make sure that a small home
| network - i.e. two or more computers with one or more printers - is
| secure, i.e. printers can be used within the LAN, but is safe from
| attacks from the WAN.
|

"By sending a request to add a printer, e.g. by using
RpcAddPrinterDriverEx() over SMB or RpcAsyncAddPrinterDriver() over RPC, a
remote, authenticated attacker..."

I never enable local networking, file sharing, etc, so I'm not
sure how that works.
I assume it's the same insofar as it's allowing another machine
to access yours. Doesn't a LAN that allows lax security locally
generally use a firewall machine to filter remote access? On the
other hand, if only one machine on the network is set up to
enable something like remote desktop then you've got a way in.

J. P. Gilliver (John) wrote:
> On Tue, 13 Jul 2021 at 04:47:50, VanguardLH <V@nguard.LH> wrote (my
> responses usually follow points raised):
>> Jo-Anne <Jo-Anne@nowhere.com> wrote:
>>
>>> Michael Trew wrote:
>>>
>>>> Microsoft issues urgent security warning: Update your PC immediately
> []
>>> Any idea of where the update is for Windows 7? The article doesn't seem
>>> to say.
>>
>> Looks like it is KB5004945 for Windows 10, but the KB update varies by
>> OS version; see:
>>
>> https://www.digitaltrends.com/computing/how-to-fix-print-nightmare-on-wi
>> ndows-right-now/
>
> (Why do web pages now tend to have bigger and bigger blank banners at
> the top? When I load that one, I have to scroll down before I see _any_
> content! OK, </rant>.)
>>
>> They say it is KB5004953 for Windows 7. They also say the fix should be
>
> (See my reply to Paul's post for my experience with that.)
>
>> available using the Windows Update client (instead of having to search
>> the Update Catalog site). Did you try using the WU client?
>
> I (W7-32, Home) get the green shield with tick, "Windows is up to date)
> There are no updates available for your computer.
> Most recent check for updates: Today at 1:48
> Updates were installed: 2021-6-9 at 1:6. <View update history>"
>
> If I click on View, the last seven updates - one a month - are just the
> MSRT (KB890830), versions 5.84 to 5.90. No sign of 5004953.

In the past, "emergency updates" to OSes that are out of
support, don't show up in Windows Update scan window.

Someone has to tell us the KB, or indicate whether it's a tiny
patch or a huge one.

This is why I have a natural tendency to inspect catalog.update.microsoft.com
for the details (like, if someone offers a link there). I still need a hint
as to what flavor of patch will be offered, and in this case, it's the
unnecessary ginormous variety (a cumulative, when the patch is probably
2-5MB in size. They'll do anything to get copies of api-* into OSes,
if it kills them :-/

I was just surprised at how many cumulatives were on offer for
Windows 7, when Windows 7 is out of support. I know they have
extended support plans, for $$$ per year, and maybe the files
are for those people. The emergency patch might be for
everyone, rather than the $$$ people.

You would know, if you double clicked a .msu and it said
"not for this OS", as this would indicate it was for a
different servicing stack.

Paul

J. P. Gilliver (John) wrote:
> On Tue, 13 Jul 2021 at 06:48:14, Merle@invalid.com wrote (my responses
> usually follow points raised):
>> On Tue, 13 Jul 2021 01:22:46 -0500, Jo-Anne <Jo-Anne@nowhere.com>
>> wrote:
> []
>>> Any idea of where the update is for Windows 7? The article doesn't seem
>>> to say.
>>
>> How-to page.
>>
>> https://ccm.net/faq/76471-printnightmare-how-to-fix-the-windows-security-bug
>>
>
> Just points to KB5004953 (Rollup, 237 MB) or '4951 (Security Only, 21.1
> MB). When I try either of those, I get told to update the Windows
> Modules Installer first, which I have not succeeded in doing. (Any
> guidance on that [or otherwise implement '4953] would be appreciated.)

Recipe here. Two files. SSU + 4953

https://docs.microsoft.com/en-us/answers/questions/239165/windows-module-installer-must-be-updated-before-yo.html

"BrittWinn-8018 - 4 days ago

Upon trying to install KB5004953 to mitigate the PrintNightmare
exploit on Windows 7, I received the message that the PC needed
to update the Windows Modules Installer.

The link to MS 2533552 works, but the links on that page pointing
to the downloadable update files lead to a page that states the
downloads are no longer available.

I followed the link provided by JuanSbrado-3258, downloaded the
Servicing Stack Update from the MS Update Catalog, and installed
this MSU (KB4592510).

https://support.microsoft.com/en-us/help/4592510/servicing-stack-update

After installing the Servicing Stack Update, I am now able to install
the KB5004953 update.

Thank you JuanSabrado-3258."

It appears to be (partially) an SSU issue.

I think at some point, there was also an irritating "End of Support"
patch that puts something on the screen. At the time, some people would
name and shame such patches (so others would not get bands or messages
on their screen), but perhaps that also had something to do
with the SSU status.

In the past, if a necessary SSU was missing, double clicking a
..msu file would say "Not For This OS", when in fact it was for the
OS, but the .msu was too bashful to indicate what item was missing.

Paul

Paul <nospam@needed.invalid> wrote:
[...]

> Someone has to tell us the KB, or indicate whether it's a tiny
> patch or a huge one.

KB5004953 Monthly Rollup, i.e. huge.

KB5004951 Security Only, i.e. tiny

(As always,) Both KB articles have pointers to the Microsoft Update
Catalog bits, if needed.

Source:
'Windows Print Spooler Remote Code Execution Vulnerability'
<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>

As mentioned before, I got to this page by just following links from
the KSL.com article in the OP. Not really rocket science.

[...]

Mayayana wrote:
> "Frank Slootweg" <this@ddress.is.invalid> wrote
>
> | > Once again, problems with allowing remote access to your
> | > computer. That's the real problem.
> |
> | Indeed. The reports are very unclear about which kind of users are
> | really at risk and what to do to make sure you don't take any unneeded
> | risks.
> |
> | The reports vary from only computers in a domain are at risk, to
> | 'everybody' is at risk.
> |
> | They don't bother to explain how to make sure that a small home
> | network - i.e. two or more computers with one or more printers - is
> | secure, i.e. printers can be used within the LAN, but is safe from
> | attacks from the WAN.
> |
>
> "By sending a request to add a printer, e.g. by using
> RpcAddPrinterDriverEx() over SMB or RpcAsyncAddPrinterDriver() over RPC, a
> remote, authenticated attacker..."
>
> I never enable local networking, file sharing, etc, so I'm not
> sure how that works.
> I assume it's the same insofar as it's allowing another machine
> to access yours. Doesn't a LAN that allows lax security locally
> generally use a firewall machine to filter remote access? On the
> other hand, if only one machine on the network is set up to
> enable something like remote desktop then you've got a way in.

They're worried about a "they got inside my perimeter" attack.

Sure, all the people here, don't port forward unnecessary stuff
to the Internet, so that an attack surface is presented for easy
pickings. Nobody here would be stupid enough to sit in Starbucks,
and print sheets of paper on their home printer, because it
happens to be port forwarded. It's also a lot of work to Port Forward
stuff, which is likely a major security achievement, that lazy users
are protected by their laziness.

But, if a Black Hat finds one exploit to get inside your perimeter,
and then they unleash all these "remote" exploits on your local LAN,
your second and third computers are going to fall over. Potentially
you lose the whole room full of computers to ransomware.

That is about how secure my computer room is. If anyone
gets inside the perimeter, it would take practically
no effort at all, to tip over all computers. On the WinXP
setup, it would be the missing SMB patch (patch didn't install
properly and had to be removed).

Since the emergency patches (like the WinXP SMB one) don't
show up in Windows Update, that's part of the problem with the
emergency patch idea. To successfully patch all your computers,
you'd have to be fricken Einstein (like knowing your WinXP SMB
patch is missing, then figuring out a way to get the KB number).
My WinXP SMB is not exposed to the Internet, by Port Forwarding,
but if someone gets inside my perimeter, running that exploit
would soon make toast out of it.

Paul

"J. P. Gilliver (John)" <G6JPG@255soft.uk> wrote:

> VanguardLH <V@nguard.LH> wrote:
>
>> Jo-Anne <Jo-Anne@nowhere.com> wrote:
>>
>>> Michael Trew wrote:
>>>
>>>> Microsoft issues urgent security warning: Update your PC
>>>> immediately
>>>
>>> Any idea of where the update is for Windows 7? The article doesn't
>>> seem to say.
>>
>> Looks like it is KB5004945 for Windows 10, but the KB update varies
>> by OS version; see:
>>
>> https://www.digitaltrends.com/computing/how-to-fix-print-nightmare-on-windows-right-now/
>
> (Why do web pages now tend to have bigger and bigger blank banners at
> the top? When I load that one, I have to scroll down before I see _any_
> content! OK, </rant>.)

I don't see a huge banner. I see the black banner at the top consisting
of their site branding, and a line showing what's trending (like I would
give a gnat's fart).

However, I use uBlock Origin which cuts out a lot of the noise. If I
disable uBO and refresh the document, yep, there's a much bigger banner.
What do you use for an adblocker?

In uBO, I do not have it subscribe to every blacklist, just the
following ones:

My filters
uBlock filters
uBlock filters - privacy
uBlock filters - resource abuse
AdGuard Base
EasyList
AdGuard Tracking Protection
EasyPrivacy
Online Malicious URL Blocklist
AdGuard Annoyances
AdGuard Social Media
uBlock filters - Annoyances

I don't subscribe to any of the hosts files (Pollock, MVPS, Lowe) as I
find they are slow to update and overly aggressive. The ones I picked
above have been sufficient to get rid of a majority of visual noise.

>> available using the Windows Update client (instead of having to
>> search the Update Catalog site). Did you try using the WU client?
>
> I (W7-32, Home) get the green shield with tick, "Windows is up to date)
> There are no updates available for your computer.
> Most recent check for updates: Today at 1:48
> Updates were installed: 2021-6-9 at 1:6. <View update history>"
>
> If I click on View, the last seven updates - one a month - are just the
> MSRT (KB890830), versions 5.84 to 5.90. No sign of 5004953.

Guess you're stuck using the WU Catalog site if you want the fix early.
Sometimes the catalog site will let you get an update sooner than when
Microsoft gets around to pushing it out to their WSUS server. Since the
fix is bundled in a cumulative patch, maybe you won't get it until next
Patch Tuesday. Wait a minute, isn't that today? The update was
out-of-band for Windows 10, but might be rolled into the monthly updates
for older and unsupported versions of Windows. MS also does load
balancing on their servers, so not everyone gets offered an update at
the same time; it's available, but not now for everyone. They often
spread it out. I had to wait 6 months for a feature update to Windows
10, and which just a month or two prior to the next feature update.

Because updates are re-released as new versions to fix problems with the
prior version released, the same update (by the same KB number) may be
presented multiple times. Plus, there are dependencies that are checked
to see if your setup should receive the update. In the long awaited
feature update (forget which one), there were a lot of, um, anomalies it
would cause. Until they fixed them, the update wasn't offered to a lot
of users. If the users just couldn't wait, they had to go to the WU
Catalog site to get them, and take the risk if those anomalies were
exhibited in their setup.

From what you said in reply to Paul when you tried to get the Print
Nightmare patch, you retrieved the one with a title of "2021-07 Security
Monthly Quality Rollup for Windows 7 for x86-based Systems (KB5004953)".
Looks like the right one for a non-embedded 32-bit version of Win 7.
When I clicked on the Download button, a window popped up listing
"windows6.1-kb5004953-x86_076aed0ffca7ef0c30d6e4dfda0346f6b319f448.msu".
I clicked on the hyperlink, and it downloaded okay despite I was using
Windows 10 x64 Home 21h2. I did *NOT* elect the default action of "Open
with". I selected "Save file". If I were to apply the update, I want
to download it (to ensure I have it for later as retries are sometimes
needed), and then prepare to run it (by saving an image backup first).
It downloaded okay. I can't test running it because I don't have any
Windows 7 hosts at home, anymore. Instead of downloading AND installing
in one step, see if you get different results by downloading only, and
then double-clicking the .msu file in File Explorer. Before running it,
I would disable any AV software, except Defender, and AVs can interfere
with installations.

I see you hit one of those dependencies for an update (Windows Modules
Installer) that the WU client would've taken care of due to the manifest
for the update. Personally, if I were still running Windows 7, and for
personal use, I wouldn't care about the Print Nightmare patch. That's
only when allowing remote access to the print spooler. Do you allow
remote access to your printers from the Internet (i.e., outside your
intranetwork)? I'd just wait until WU offered the update.

On Tue, 13 Jul 2021 11:23:45 -0400, Paul wrote:

> I followed the link provided by JuanSbrado-3258, downloaded the
> Servicing Stack Update from the MS Update Catalog, and installed
> this MSU (KB4592510).
>
> https://support.microsoft.com/en-us/help/4592510/servicing-stack-update
>
> After installing the Servicing Stack Update, I am now able to install
> the KB5004953 update.
>
> Thank you JuanSabrado-3258."
>
> It appears to be (partially) an SSU issue.

I installed the SSU OK. Installation of the Security Update went through to
the point of restarting; as it booted up it failed and rolled back. Tried
twice, same result.
--
Peter.
The gods will stay away
whilst religions hold sway

On Tue, 13 Jul 2021 04:06:56 -0400, Paul wrote:
>
> Jo-Anne wrote:
>
> >> "We recommend that you install these updates immediately," the company
> >> said.
> >>
> >> <https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-warning-update-your-pc-immediately>
> >>
> > Any idea of where the update is for Windows 7? The article doesn't seem
> > to say.
>
> https://www.digitaltrends.com/computing/how-to-fix-print-nightmare-on-windows-right-now/
>
> Windows 11 = 22000.65
> Windows 8.1 = KB5004954
> Windows 7 = KB5004953
>
> But if you look at this right now, it's a bit of a mess.

Woody Leonhardt says as much on askwoody.com. (He was our guru during
MS's years-long effort to "upgrade" Windows 7 installations to
Windows 10 by stealth.)

By searching
printnightmare site:askwoody.com
I found
https://www.askwoody.com/2021/print-nightmare-is-going-to-be-a-
nightmare/

Woody points out that "this [PrintNightmare] is a big deal on domain
controllers ? not so much on stand alone computers." So that's one
large group of Win 7 users off the hook.

He goes on to say that PrintNightmare " allows attackers to wiggle in
via a remote authenticated user and raise the rights of that
account." But if you recall, Windows 7 Home doesn't allow remote
logins,(*) so Windows 7 Home users would seem to be safe. If you have
one of the business editions of Windows 7, and you're not logging in
to your computer remotely, you can just disable Remote Desktop
_server_ (which you should probably do anyway, on general security
principles) and you should be fine.

So the only Windows 7 folks who seem to be vulnerable are those who
allow remote logins into their computer and have the print spooler
both enabled. I don't deny it's a serious vulnerability for them, but
near the end of the article Woods links to a workaround from TrueSec.

(*) All versions of Windows 7 have Remote Desktop _client_, by which
you can use your computer as a terminal to log in to a remote
computer. That's kind of Remote Desktop is not vulnerable.

--
Stan Brown, Tehachapi, California, USA https://BrownMath.com/
https://OakRoadSystems.com/
Shikata ga nai...

On Tue, 13 Jul 2021 08:01:07 -0400, Mayayana wrote:
>
> "Michael Trew" <mt999999@ymail.com> wrote
>
> | Microsoft issues urgent security warning: Update your PC immediately
> |
>
> Once again, problems with allowing remote access to your
> computer. That's the real problem.

History is made: I agree with you, Mayayana. :-)

--
Stan Brown, Tehachapi, California, USA https://BrownMath.com/
https://OakRoadSystems.com/
Shikata ga nai...

On 13 Jul 2021 13:48:22 GMT, Frank Slootweg wrote:
> Another approach would be a trusted sites which 'attacks' your
> computer to report any unneeded inbound connections/ports.
>

grc.com, and follow "Shields Up!"

--
Stan Brown, Tehachapi, California, USA https://BrownMath.com/
https://OakRoadSystems.com/
Shikata ga nai...

On 7/12/2021 8:00 PM, Michael Trew wrote:
> Microsoft issues urgent security warning: Update your PC immediately
>
>
> Microsoft is urging Windows users to immediately install an update
> after security researchers found a serious vulnerability in the
> operating system.
>
> The security flaw, known as PrintNightmare, affects the Windows Print
> Spooler service. Researchers at cybersecurity company Sangfor
> accidentally published a how-to guide for exploiting it.
>
> The researchers tweeted in late May that they had found
> vulnerabilities in Print Spooler, which allows multiple users to
> access a printer. They published a proof-of-concept online by mistake
> and subsequently deleted it - but not before it was published
> elsewhere online, including developer site GitHub.
>
> Microsoft warned that hackers that exploit the vulnerability could
> install programs, view and delete data or even create new user
> accounts with full user rights. That gives hackers enough command and
> control of your PC to do some serious damage.
>
> Windows 10 is not the only version affected -- Windows 7, which
> Microsoft has ended support for last year, is also subject to the
> vulnerability.
>
> Despite announcing that it would no longer issue updates for Windows
> 7, Microsoft issued a patch for its 12-year-old operating system,
> underscoring the severity of the PrintNightmare flaw. Updates for
> Windows Server 2016, Windows 10, version 1607, and Windows Server 2012
> are "expected soon," it said.
>
> "We recommend that you install these updates immediately," the company
> said.
>
> <https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-warning-update-your-pc-immediately>
>

I successfully installed the Servicing stack update (KB4592510). To be
sure, I then did a warm reboot. Then I tried to install the Print
Spooler update (KB5004951) for Windows 7 Ultimate SP1 x64.

When I did a warm reboot, I got the message that configuring the update
failed and the update was being removed. This was during the boot up
after the shutdown.

The failed update file that I tried is
windows6.1-kb5004951-x64_2fcf9eaa66615884884cc1cb9f75fc96294cbf2a.msu

Do I have the wrong file? If not, what did I do wrong?

--
David E. Ross
<http://www.rossde.com/>

At the recent Conservative Political Action Conference in Texas,
a featured speaker urged the mostly Republican attendees to
avoid COVID-19 vaccines. Good! There will be fewer live
Republican voters in 2022.

David E. Ross wrote:
> On 7/12/2021 8:00 PM, Michael Trew wrote:
>> Microsoft issues urgent security warning: Update your PC immediately
>>
>>
>> Microsoft is urging Windows users to immediately install an update
>> after security researchers found a serious vulnerability in the
>> operating system.
>>
>> The security flaw, known as PrintNightmare, affects the Windows Print
>> Spooler service. Researchers at cybersecurity company Sangfor
>> accidentally published a how-to guide for exploiting it.
>>
>> The researchers tweeted in late May that they had found
>> vulnerabilities in Print Spooler, which allows multiple users to
>> access a printer. They published a proof-of-concept online by mistake
>> and subsequently deleted it - but not before it was published
>> elsewhere online, including developer site GitHub.
>>
>> Microsoft warned that hackers that exploit the vulnerability could
>> install programs, view and delete data or even create new user
>> accounts with full user rights. That gives hackers enough command and
>> control of your PC to do some serious damage.
>>
>> Windows 10 is not the only version affected -- Windows 7, which
>> Microsoft has ended support for last year, is also subject to the
>> vulnerability.
>>
>> Despite announcing that it would no longer issue updates for Windows
>> 7, Microsoft issued a patch for its 12-year-old operating system,
>> underscoring the severity of the PrintNightmare flaw. Updates for
>> Windows Server 2016, Windows 10, version 1607, and Windows Server 2012
>> are "expected soon," it said.
>>
>> "We recommend that you install these updates immediately," the company
>> said.
>>
>> <https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-warning-update-your-pc-immediately>
>>
>
> I successfully installed the Servicing stack update (KB4592510). To be
> sure, I then did a warm reboot. Then I tried to install the Print
> Spooler update (KB5004951) for Windows 7 Ultimate SP1 x64.
>
> When I did a warm reboot, I got the message that configuring the update
> failed and the update was being removed. This was during the boot up
> after the shutdown.
>
> The failed update file that I tried is
> windows6.1-kb5004951-x64_2fcf9eaa66615884884cc1cb9f75fc96294cbf2a.msu
>
> Do I have the wrong file? If not, what did I do wrong?
>

Read between the lines, here.

Looks like we're going to need to do innumerable
experiments to get this piece of crap to work!!!

https://support.microsoft.com/en-us/topic/july-6-2021-kb5004951-security-only-update-out-of-band-e05a81cd-9b45-4622-b715-ddb2367bca47

"Failure to configure Windows updates.
Reverting Changes.
Do not turn off your computer"

If you do not have an ESU MAK
add-on key installed and activated. <=== paid version of W7 past-2020
support

Does disingenuous Microsoft strike again ?

Now, you have a new hobby. Trying stuff
until an update stays put. Maybe the bloated
version will install ? Or, maybe not.

Paul

PeterC wrote:
> On Tue, 13 Jul 2021 11:23:45 -0400, Paul wrote:
>
>> I followed the link provided by JuanSbrado-3258, downloaded the
>> Servicing Stack Update from the MS Update Catalog, and installed
>> this MSU (KB4592510).
>>
>> https://support.microsoft.com/en-us/help/4592510/servicing-stack-update
>>
>> After installing the Servicing Stack Update, I am now able to install
>> the KB5004953 update.
>>
>> Thank you JuanSabrado-3258."
>>
>> It appears to be (partially) an SSU issue.
>
> I installed the SSU OK. Installation of the Security Update went through to
> the point of restarting; as it booted up it failed and rolled back. Tried
> twice, same result.

See reply to David Ross. Looks like 4951 may need an
ESU MAK. That's $$$ paid extra support for Windows 7
enterprise users or the like. They buy an additional
license key, to get extended support.

We're going to need some "success stories" from
somewhere, to see if the bloated version (the Cumulative)
is the only thing that works for regular Windows7 users.

Paul