Microsoft has issued a critical software update for Windows machines after security researchers discovered a serious vulnerability known as PrintNightmare.
The vulnerability affects the Print Spooler functionality, which enables multiple users to access the same printer. “We recommend that you install these updates immediately,” Microsoft said.
Cybersecurity company Sangfor had published their findings in May and, accidentally, published a report which included a guide to exploiting the flaw for Windows 7 and Windows 10. It was deleted by the company, but not before it was published to Github, giving bad actors a neat little bow-tied how-to guide for the vulnerability which has remained live since.
Microsoft said those who could exploit the flaw could commandeer a PC to install programs and create new user accounts with administrator privileges. That could do serious damage to the best laptops, limit owners’ ability to control the machine and could lead to harmful data theft and exploitation.
In a post on the Microsoft Security Blog, the company wrote: “Today Microsoft released an Out-of-Band (OOB) security update for CVE-2021-34527, which is being discussed externally as PrintNightmare. This is a cumulative update release, so it contains all previous security fixes and should be applied immediately to fully protect your systems.
“The fix that we released today fully addresses the public vulnerability, and it also includes a new feature that allows customers to implement stronger protections.”
You might like…
The new feature restricts the installation of new printer drivers following the update, enabling users to protect their machines moving forward.
Some Windows Server versions will get the update soon, but everyone else will be able to download the update via the usual Windows Update version. The vulnerability does not appear to affect machines running the Windows 11 preview builds because Microsoft has not released the patch for those betas.
The launch of the patch for Windows 7 is good news for those who haven’t updated, considering Microsoft has long halted official support for the legacy OS.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.