Software giant Microsoft is urging Windows users to immediately install an update on their personal computers (PCs) after security researchers found a serious vulnerability in the operating system. The security flaw, known as PrintNightmare, affects the Windows Print Spooler service and was revealed last week after security researchers accidentally published proof-of-concept (PoC) exploit code. Yes, researchers at cybersecurity company Sangfor accidentally published a how-to guide for exploiting it.
The researchers tweeted in late May that they had found vulnerabilities in Print Spooler, which allows multiple users to access a printer. They published a proof-of-concept online by mistake and subsequently deleted it — but not before it was published elsewhere online, including developer site GitHub.
Microsoft warned that hackers who exploit the vulnerability could install programs, view and delete data or even create new user accounts with full user rights. That gives hackers enough command and control of your PC to do some serious damage. Windows 10 is not the only version affected — Windows 7, for which Microsoft ended support last year, is also subject to the vulnerability.
It took Microsoft a couple of days to issue an alert about a 0-day affecting all supported versions of Windows. The PrintNightmare vulnerability allows attackers to achieve remote code execution, so bad actors could potentially install programs, modify data, and create new accounts with full admin rights.
Despite announcing that it would no longer issue updates for Windows 7, Microsoft issued a patch for its 12-year-old operating system, underscoring the severity of the PrintNightmare flaw. Updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 are “expected soon,” it said.
“We recommend that you install these updates immediately,” the company said. If there’s any good news, it is that the current security update is cumulative, meaning it also contains fixes for previous security issues. It’s the latest in a slew of security alerts from Microsoft in the past year and a half. The company has been embroiled in security issues, including in 2020 when the National Security Agency alerted Microsoft to a major flaw in its operating system that could let hackers pose as legitimate software companies.
And this year, hundreds of thousands of Exchange users were targeted after four vulnerabilities in its software allowed hackers to access servers for the popular email and calendar service. Microsoft was also the target of a devastating SolarWinds breach. Notably, Microsoft hasn’t released a patch for Windows 11. Its newest operating system, due out soon, is currently available to beta testers. The latest operating system comes six years after Microsoft last overhauled its operating system with Windows 10, a major update that’s now running on around 1.3 billion devices worldwide, according to CCS Insight.