On a Windows 10 21H1 Enterprise VM, it had stopped the Mimikatz implementation of local privilege escalation.
#WINDOWS SERVER 2012 TERMSRV DLL PATCH UPDATE#
UPDATE July 08 10:18am ET:There have been requests for the technical information on the machine we had tested the patch on. So far, we have not seen a patch scenario that all-encompasses (1) preventing local privilege escalation, (2) preventing remote code execution and (3) allows printing. Security updates for these versions of Windows will be released soon." According to Microsoft's latest updates on July 6, "Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012. This seemingly partial fix does look to prevent remote code execution, but not yet covers privilege escalation. Members of our Huntress team have validated the new patch on Windows 21H1 Enterprise, and it has stopped local privilege escalation-however, this privilege escalation still succeeds on Windows Servers. UPDATE July 07 12pm ET: On July 6, Microsoft updated their advisory on CVE-2021-34527 and released emergency patches, but the effectiveness of this security update is still under scrutiny. The June 8 Microsoft patch did not successfully resolve the issue for CVE-2021-32547 PrintNightmare, but it did resolve CVE-2021-1675. On June 21, PrintNightmare was updated to critical severity as the potential for remote code execution was uncovered. Microsoft released a patch on June 8 considering this vulnerability low in severity.
![windows server 2012 termsrv dll patch windows server 2012 termsrv dll patch](https://i2.wp.com/www.nextofwindows.com/wp-content/uploads/2009/09/termsrv_dll_thumb.png)
On June 29, Huntress was made aware of CVE-2021-1675 (now termed CVE-2021-34527), a critical remote code execution and local privilege escalation vulnerability dubbed “PrintNightmare.”