News, tips, advice, support for Windows, Office, PCs & more

Daily Archives: July 6, 2021

  • Out of band for Print Nightmare is out

    Posted on July 6th, 2021 at 16:22

    Remember the print nightmare post from the other day?  Microsoft has released out of band updates to fix the issue.

    “CVE updated to announce that Microsoft is releasing an update for several versions of Windows to address this vulnerability. Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012. Security updates for these versions of Windows will be released soon. Other information has been updated as well. This information will be updated when more information or updates are available.”

    If you are a home user, I don’t see a need to rush this patch on. If you are an MSP or IT professional, and you haven’t already disabled the print spooler on your domain controllers – look for these updates. (I don’t think they’ve been fully posted yet.)

    “Prior to installing the July 6, 2021, and newer Windows Updates containing protections for CVE-2021-34527, the printer operators’ security group could install both signed and unsigned printer drivers on a printer server. After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.”

    Edit on 7/7/2021:  Seeing it start to trend that Zebra label printers can’t print after installing this update.  I’m going to flip DefCon to 2 to be safe.

    Edit on 7/7/2021 12:10: Lawrence from BleepingComputer indicates that the patch doesn’t fully protect from “local privilege escalation” attacks. If you have enabled any “Point and Print” options you may still be vulnerable even with the update installed. “To bypass the patch and achieve RCE and LPE, a Windows policy called ‘Point and Print Restrictions’ must be enabled, and the ‘When installing drivers for a new connection’ setting configured as ‘Do not show warning on elevation prompt.’” Note I have not done this on any local printer or network printer under my control – so my guess is that most of us won’t have to worry about this corner case.

    Edit 7/10/2021: Microsoft is saying that the issue with USB-based label printers (Zebra and Duo) isn’t caused by this specific update but by earlier updates, and we just didn’t realize it. They have implemented the “known issue rollback” process, where the non-security bits causing the issue are automatically rolled back.
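
A read-only check for the two conditions the post above discusses (a running print spooler, and a Point and Print policy that suppresses the prompt), as an added example that is not part of the original post. The registry key and value names are assumptions taken from Microsoft's published Point and Print guidance, not from this page; `UpdatePromptSettings` (the matching setting for driver updates) goes slightly beyond the one setting the post names, and the function names are hypothetical.

```powershell
# Added example (not from the original post). Read-only audit; changes nothing.
# Assumption: Point and Print policy values live under this key, per Microsoft guidance.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (the default, prompting state).
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-PrintNightmareExposure {
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $install = Get-PolicyDword -Path $PolicyKey -Name 'NoWarningNoElevationOnInstall'
    $update  = Get-PolicyDword -Path $PolicyKey -Name 'UpdatePromptSettings'

    # Any non-zero value means the warning or elevation prompt is relaxed.
    # ($null -gt 0 evaluates to $false, so an unset policy counts as safe.)
    $promptSuppressed = ($install -gt 0) -or ($update -gt 0)

    # The spooler matters if it is running now or is able to start later.
    $spoolerActive = ($null -ne $spooler) -and
                     ($spooler.Status -eq 'Running' -or $spooler.StartType -ne 'Disabled')

    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        SpoolerStatus                 = if ($spooler) { $spooler.Status } else { 'NotInstalled' }
        SpoolerStartType              = if ($spooler) { $spooler.StartType } else { $null }
        NoWarningNoElevationOnInstall = $install
        UpdatePromptSettings          = $update
        PromptSuppressed              = $promptSuppressed
        # True only when both conditions hold: spooler usable AND prompt relaxed.
        PatchBypassConditionPresent   = $spoolerActive -and $promptSuppressed
    }
}

Get-PrintNightmareExposure | Format-List
```

On a domain controller, `SpoolerStartType` of `Disabled` with `SpoolerStatus` of `Stopped` matches the mitigation mentioned in the post; empty policy values mean the setting was never configured.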


  • July 2021 Office non-Security updates are now available

    Posted on July 6th, 2021 at 13:11

    The July 2021 Office non-Security updates have been released Tuesday, July 6, 2021. They are not included in the DEFCON-4 approval for the June 2021 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

    Remember, Susan’s patching sequence and recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

    Office 2016
    Update for Microsoft Office 2016 (KB5001971)
    Update for Microsoft Outlook 2016 (KB5001980)

    There were no non-security listings for Office 2010 (which reached EOS on October 13, 2020) nor for Office 2013.
    On April 10, 2018, Office 2013 reached End of Mainstream Support. Extended Support will end for Office 2013 on April 11, 2023.
    Office 2016 also reached End of Mainstream Support on October 13, 2020. EOS for Office 2016 is October 14, 2025.

    Updates are for the .msi version (perpetual). Office 365 and C2R are not included.

    Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).