Microsoft has released the KB5004948 emergency security update to address the Windows Print Spooler PrintNightmare vulnerability on all editions of Windows 10 1607 and Windows Server 2016.

“An update has now been released for all affected versions of Windows that are still in support,” Microsoft said in the Windows message center.

The PrintNightmare bug, tracked as CVE-2021-34527, enables attackers to take over affected servers via remote code execution (RCE) with SYSTEM privileges.

Detailed steps on how to install these out-of-band security updates are available in the support documents linked below:

“Microsoft recommends that you immediately install this update on all supported Windows client and server operating systems, starting with devices that currently host the print server role,” the company added.

“You also have the option to configure the RestrictDriverInstallationToAdministrators registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.”

Microsoft’s PrintNightmare security patch is incomplete

While Microsoft says these security updates address the PrintNightmare vulnerability, security researchers have discovered that the patch is incomplete and it can be bypassed to achieve both remote code execution and local privilege escalation with the official fix installed.

However, 0patch released free PrintNightmare micropatches on Friday that can successfully block attempts to exploit the vulnerability.

Windows users and admins are recommended to do one of the following until a working patch from Microsoft is released:

CISA also published a notification on the PrintNightmare zero-day last week, encouraging security professionals to disable the Windows Print Spooler service on systems not used for printing.
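
The two mitigations named above (the RestrictDriverInstallationToAdministrators setting and a disabled Print Spooler service) can be audited per host with a read-only check. The script below is an added example, not code from Microsoft, CISA or the article; the function names are hypothetical, and the Point and Print policy key path is an assumption, since the article names the value but not its location.

```powershell
# Added example: read-only audit of the mitigations named in the article.
# Assumption: this policy key path is not given in the article itself.
$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    # $null means the key or the value does not exist on this machine.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-PrintNightmareMitigationStatus {
    $findings = New-Object System.Collections.Generic.List[string]

    # CISA advice: Print Spooler disabled on systems not used for printing.
    $svc       = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $status    = if ($svc) { [string]$svc.Status }    else { 'NotPresent' }
    $startType = if ($svc) { [string]$svc.StartType } else { 'NotPresent' }
    if ($svc -and ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled')) {
        $findings.Add('Print Spooler is running or can still be started')
    }

    # Microsoft's optional hardening: only administrators install printer drivers.
    $restrict = Get-PolicyDword -Path $PointAndPrintKey `
                                -Name 'RestrictDriverInstallationToAdministrators'
    if ($restrict -ne 1) {
        $findings.Add('RestrictDriverInstallationToAdministrators is not set to 1')
    }

    # KB5004948 applies to Windows 10 1607 / Server 2016 only, so its absence
    # on other versions is expected and is reported without raising a finding.
    $kb = Get-HotFix -Id 'KB5004948' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        SpoolerStatus          = $status
        SpoolerStartType       = $startType
        RestrictDriverInstall  = $restrict
        KB5004948Installed     = [bool]$kb
        Findings               = $findings.ToArray()
    }
}

Get-PrintNightmareMitigationStatus | Format-List
```

An empty Findings list means the spooler is disabled and stopped and the driver-installation restriction is set; on print servers, where the spooler must stay running, the first finding is expected and the second is the one to act on.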

BleepingComputer has reached out to Microsoft regarding these security updates but has not heard back at this time.