Windows 10 KB5004945 emergency update is rolling out to address a new Windows zero-day vulnerability called “PrintNightmare”. According to reports, PrintNightmare vulnerability is being actively exploited by attackers to achieve local privilege and remote code execution on affected machines.

Microsoft has now started rolling out out-of-band Windows updates to remedy a PrintNightmare security bug affecting all supported versions of Windows 10.

KB5004945 is a new mandatory security update for those on v2004 or newer. This patch will download/install automatically on Windows 10 Home, Pro and other editions. For those using Windows 10 version 1909 (November 2019 Update), they’ll be getting KB5004946 and this patch will also install automatically depending on update policies.

For Windows 10 version 1809 and Windows Server 2019, there’s a different patch – KB5004947.

List of PrintNightmare updates released for Windows:

  1. Version 21H1, 20H1, 2004 – KB5004945.
  2. Version 1909 – KB5004946.
  3. Version 1809 and Windows Server 2019 – KB5004947.
  4. Version 1803 – KB5004949.
  5. Version 1507 – KB5004950.
  6. Windows 8.1 and Windows Server 2012 – KB5004954 and KB5004958 (security only).
  7. Windows 7 SP1 and Windows Server 2008 R2 SP1 – KB5004953 and KB5004951 (security only)
  8. Windows Server 2008 SP2 – KB5004955 and KB5004959 (security only).

As mentioned, Windows 10 version 2004 and newer will be getting the following Windows Update when they check for updates today:

2021-07 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5004945)

KB5004945 update

This update will advance the build number to Build 19043.1083 (19042.1083 or 19041.1083).

How to fix PrintNightmare vulnerability on Windows 10

To fix PrintNightmare vulnerability, follow these steps:

  1. Open Windows Settings > Updates & Security > Windows Update.
  2. Click on “Check for updates“.
  3. A new July patch will automatically start downloading on your device.
  4. Click on “Restart now” after the patch is downloaded.

Alternatively, you can manually download the offline installers from the Microsoft Update Catalog.

Download Links for Windows 10 KB5004945

Windows 10 KB5004945 Direct Download Links: 64-bit and 32-bit (x86).

On Microsoft Update Catalog, you can find offline installers to any Windows Update. To find the update, click on the search box and enter the KB number. Next to the correct version/edition of Windows, click on hit the “Download” button. This will open a new window in your browser.

To begin the download, copy the .msu link and paste it into another tab.

KB5004945 – Windows PrintNightmare emergency update

The patch consists of various fixes geared towards addressing issues with Windows printer vulnerability that could allow an attacker to bypass the software security protections on affected devices.

The PrintNightmare bug affects Print Spooler which is a service responsible for managing all print jobs for hardware printers or print servers. This feature is enabled default on all Windows machines including Home and Pro editions, and it can be abused by attackers to remotely execute code. If exploited, attackers would gain full access to a domain controller.

Microsoft is advising users to install the emergency on affected devices as soon as possible.

“An Out-of-band update has been released to address a remote code execution exploit in the Windows Print Spooler service. We recommend you update your device as soon as possible,” the company said in a statement.

As mentioned at the outset, if you don’t want to install the emergency update, there’s a second workaround – disable Windows Print Spooler service.

How to mitigate Print Spooler PrintNightmae

To disable Print Spooler service to fix the PrintNightmare vulnerability, follow these steps:

  1. Open Windows Search.
  2. Type PowerShell and run it as “administrator”.
  3. Type the following command: Stop-Service -Name Spooler -Force
    Windows PrintNightmare bug
  4. Press enter.
  5. Type the following command: Set-Service -Name Spooler -StartupType Disabled
    Disable Print Spooler
  6. Press enter.

When you run the above two commands, Windows will disable and prevent the Print Spooler service from starting again.

For remaining supported versions of Windows, Microsoft is planning to release the emergency patch in the coming days. If you skip today’s patch, you’ll receive the same fix in July’s Patch Tuesday updates, which will begin rolling out next week (July 13).