Microsoft is urging Windows users to immediately install an update after security researchers found a serious vulnerability in the operating system.
The security flaw, known as PrintNightmare, affects the Windows Print Spooler service. Researchers at cybersecurity company Sangfor accidentally published a how-to guide for exploiting it.
The researchers tweeted in late May that they had found vulnerabilities in Print Spooler, which allows multiple users to access a printer. They published a proof-of-concept online by mistake and subsequently deleted it — but not before it was published elsewhere online, including developer site GitHub.
We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait our Blackhat talk. https://t.co/heHeiTCsbQ
— zhiniang peng (@edwardzpeng) June 29, 2021
Microsoft (MSFT) warned that hackers that exploit the vulnerability could install programs, view and delete data or even create new user accounts with full user rights. That gives hackers enough command and control of your PC to do some serious damage.
Windows 10 is not the only version affected — Windows 7, which Microsoft has ended support for last year, is also subject to the vulnerability.
Despite announcing that it would no longer issue updates for Windows 7, Microsoft issued a patch for its 12-year old operating system, underscoring the severity of the PrintNightmare flaw. Updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 will are “expected soon,” it said.
“We recommend that you install these updates immediately,” the company said.
-
The Importance of Prayer: How a Christian Gold Company Stands Out by Defending Americans’ Retirement
Many security experts remain alarmed about the large, Chinese-linked hack of Microsoft’s Exchange email service a week after the attack was first reported.
Thank you for this valuable information
For myself I’m in the process of modernizing several Amiga computers.
All my important Computers run Linux, Windows is just for paying games and it doesn’t do that well.
@ Prisoner,
I have a Linux install disc on a spindle somewhere that has a GUI that looks just like Winsatan and the Guru once had a dual OS box that people thought was WINCCP when it was actually Linux.
The Guru was blind and used command line Linux with a voice box but his wife could see just a little bit with a black and white screen with command line and talk box.
He used to call me sighty and we would laugh and only after partaking of some party supplies could I understand the voice box.
The best thing about Linux is you don’t need some quad core CPU with 80gb of RAM machine with $2000 video card but is not a gaming OS.
I’m still using Win 7 and have never installed their updates. What should be secured is Java scripting, but that would prevent Government Agencies gaining access to computers. The spoolsv has had issues for a long time.