Microsoft last night acknowledged that a newly discovered vulnerability in “all versions of Windows” is being actively exploited. It’s called PrintNightmare, and it allows malicious actors to execute code remotely on Windows-based PCs. All Windows-based PCs.
“The code that contains the vulnerability is in all versions of Windows,” Microsoft says. “We are still investigating whether all versions are exploitable.”
In an interesting twist, the newly discovered vulnerability is “similar but distinct from” a previous printing-related vulnerability that Microsoft patched earlier in June. The new vulnerability uses a different attack vector and was not discovered because of the previous vulnerability, Microsoft says, addressing an obvious question. “The vulnerability existed before the June 2021 security update” that fixed the previous vulnerability, it notes.
The new attack affects the Windows Print Spooler, which can be made to improperly perform privileged file operations. When successfully exploited, the attacker can run arbitrary code on the PC using system-level privileges. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft adds.
To mitigate this problem now, users and organizations should install the security updates that Microsoft released on June 8, 2021, and then read the FAQ and implement the workarounds that Microsoft provides. The most obvious option, for now, is to stop and then disable the Print Spooler service.
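The stop-and-disable workaround described above, as an added PowerShell example that is not from Microsoft or from the original article. The function name `Disable-PrintSpooler` and the state-file path are hypothetical; the script records the service's prior configuration so it can be restored later, then verifies the result.

```powershell
#Requires -RunAsAdministrator
# Added example: stop and disable the Print Spooler on the local machine.
# Note: with the spooler disabled, this machine can no longer print,
# locally or remotely.

function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical location for the saved pre-change state.
        [string]$StateFile = "$env:ProgramData\spooler-prior-state.json"
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        Write-Output 'Spooler service not present; nothing to do.'
        return
    }

    # Save the original start mode and state once, so a later rollback
    # restores what was there before rather than a guessed default.
    if (-not (Test-Path -Path $StateFile)) {
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            StartMode = $svc.StartMode
            State     = $svc.State
            Recorded  = (Get-Date).ToString('o')
        } | ConvertTo-Json | Set-Content -Path $StateFile -Encoding UTF8
    }

    if ($svc.State -ne 'Stopped' -and $PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
        Stop-Service -Name Spooler -Force -ErrorAction Stop
    }
    if ($svc.StartMode -ne 'Disabled' -and $PSCmdlet.ShouldProcess('Spooler', 'Disable startup')) {
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }

    # Re-query the service instead of trusting the calls above.
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        StartMode = $after.StartMode
        State     = $after.State
        Mitigated = ($after.State -eq 'Stopped' -and $after.StartMode -eq 'Disabled')
    }
}

Disable-PrintSpooler
```

Running `Disable-PrintSpooler -WhatIf` shows what would change without touching the service.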