Windows issued an emergency software update to quash a security bug that’s been dubbed “PrintNightmare,”. This calls was as a of critical vulnerability detected in all supported versions of Windows capable of being exploited. The vulnerability, PrintNightmare, was revealed last week, after security researchers accidentally published proof-of-concept (PoC) exploit code. Microsoft immediately issued the out-of-band security updates to address this flaw, and has rated it ascritical as attackers can remotely execute code with system-level privileges on affected machines. Microsoft warned that hackers that exploit the vulnerability could install programs, view and delete data or even create new user accounts with full user rights. That gives hackers enough command and control overPCs to do some serious damage.
The security flaw, PrintNightmare, affects the Windows Print Spooler service. As the Print Spooler service runs by default on Windows, Microsoft has had to issue patches for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, and a variety of supported versions of Windows 10. However that’s not all— Windows 7, which Microsoft has ended support for last year, is also subject to this vulnerability. Despite announcing it would no longer issue updates for Windows 7, Microsoft issued a patch for this12-year old operating system, underscoring the severity of the PrintNightmare flaw. Updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 should be “expected soon,” due to a fix says Microsoft through a blog post. The fix apparently includes a new feature that allows Windows administrators to implement stronger restrictions on the installation of printer software.
Notably, Microsoft hasn’t released a patch for Windows 11. Its newest operating system, due out soon, is currently available to beta testers only. Windows 11 comes six years after Microsoft last overhauled its operating system with Windows 10, a major update that’s now running on around 1.3 billion devices worldwide, according to CCS Insight.
Satnam Narang, staff research engineer at Tenable, said Microsoft’s patch warrants urgent attention because of the vulnerability’s across organizations and the prospect that attackers could exploit this flaw in order to take over a Windows domain controller. “We expect it will only be a matter of time before it is more broadly incorporated into attacker toolkits,” Narang said. “PrintNightmare will remain a valuable exploit for cybercriminals as long as there are unpatched systems out there, and as we know, unpatched vulnerabilities have a long shelf life for attackers.”
Microsoft recommends Windows users install these updates immediately to avoid been compromised. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527”says Microsoft.