Another round of bug fixes for both Window and Office including an update to the PrintNightmare fix.
PrintNightmare is a serious security breach found in all versions of Windows and Windows Server back to Windows 7.
The original ‘out of band’ patch was flawed, stopping some USB printers completely. A patch has now been included in the monthly July 2021 rollup. That means most Windows computers will be protected automatically via Windows Update.
There is a registry key setting which can bypass the PrintNightmare fix and allow access to the computer. For most people this isn’t a concern because the default setting is more secure. Details in our PrintNightmare coverage.
Security Feature Bypass
Microsoft isn’t saying much about this security bug, perhaps because even the title of CVE-2021-34469 is quite embarrassing:
Microsoft Office Security Feature Bypass Vulnerability
There’s a way for a hacked document to workaround one of the Office security protections and get into your computer. Ouch.
There are bug fixes now available for Office 2013, Office 2016 and Office 2019.
And the rest …
Most of the Office software security bugs related to SharePoint. There is yet another ‘Remote Code Execution’ bug, this time involving Excel documents.
As usual, use Windows / Microsoft Update to patch your computer and your risk of intrusion is greatly decreased. Office 365 ‘Click to Run’ is updated silently in the background unless you’ve paused updating.
It’s no replacement for vigilance. Be wary of incoming documents and phishing emails. Use Two Factor Authentication. Cross at the lights. Call your mother.