Microsoft recently released an emergency security update to fix the actively exploited PrintNightmare zero-day vulnerability, which allows attackers to take over affected servers via remote code execution.
Security researcher, Matthew Hickey has confirmed that the patch released by Microsoft to fix the actively exploited PrintNightmare zero-day vulnerability only fixes remote code execution (RCE).
It does not resolve the local privilege escalation (LPE), both of which are used in attacks to execute commands with SYSTEM privileges on a vulnerable system.
Microsoft urges its customers to install out-of-band security updates as soon as possible to fix the vulnerability.
For more information, read the original story in Bleeping Computer.
