Microsoft issues security warning urging Windows users to update PCs
The security flaw, known as PrintNightmare, affects the Windows Print Spooler service. Researchers accidentally published a how-to guide for exploiting it.
Microsoft warned that hackers that exploit the vulnerability could install programmes, view and delete data or even create new user accounts with full user rights. That gives hackers enough command and control of your PC to do some serious damage.
Windows 10 is not the only version affected — Windows 7, which Microsoft has ended support for last year, is also subject to vulnerability. Despite announcing that it would no longer issue updates for Windows 7, Microsoft issued a patch for its 12-year old operating system, underscoring the severity of the PrintNightmare flaw. Updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 are “expected soon,” it said.
“We recommend that you install these updates immediately,” the company said.
Satnam Narang, staff research engineer at Tenable, said Microsoft’s patch warrants urgent attention because of the vulnerability’s ubiquity across organizations and the prospect that attackers could exploit this flaw in order to take over a Windows domain controller.
“We expect it will only be a matter of time before it is more broadly incorporated into attacker toolkits,” Narang said. “PrintNightmare will remain a valuable exploit for cybercriminals as long as there are unpatched systems out there, and as we know, unpatched vulnerabilities have a long shelf life for attackers.”
In a blog post, Microsoft’s Security Response Center said it was delayed in developing fixes for the vulnerability in Windows Server 2016, Windows 10 version 1607, and Windows Server 2012. The fix also apparently includes a new feature that allows Windows administrators to implement stronger restrictions on the installation of printer software.
“Prior to installing the July 6, 2021, and newer Windows Updates containing protections for CVE-2021-34527, the printer operators’ security group could install both signed and unsigned printer drivers on a printer server,” reads Microsoft’s support advisory. “After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.”
Windows 10 users can check for the patch by opening Windows Update. Chances are, it will show what’s pictured in the screenshot below — that KB5004945 is available for download and install. A reboot will be required after installation.
Microsoft has faced a wave of scrutiny over reported security issues, including last year when the National Security Agency told the tech giant that a flaw in its Windows system could allow hackers to pose as software companies.
The Russian state-sponsored SolarWinds hack also targeted Microsoft, along with nine U.S. federal agencies and dozens of private sector groups.
In March, Microsoft announced that it had found new vulnerabilities in its Exchange Server program, adding at the time that it had assessed with “high confidence” that a hacking group known as HAFNIUM, a Chinese state-sponsored group, was exploiting the vulnerabilities.
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said late last month that roughly 140,000 organizations were left vulnerable to attack by HAFNIUM and other groups, though she said Microsoft quickly released a patch that reduced this number to less than 10 within a week.
While the US has not formally attributed the exploitation, Neuberger said the Biden administration was looking to do so “in the coming weeks.”