Microsoft has warned Windows users about an unpatched security flaw in the Windows Print Spooler service.
The vulnerability, dubbed PrintNightmare, was revealed earlier this week. That’s after security researchers mistakenly published a proof-of-concept PoC exploit.
Although Microsoft has not classified the vulnerability, it does allow attackers to execute remote code with system-wide privileges. Which is critical in Windows.
And theSpread The researchers at Sangfor exploited the proof-of-concept, in what appears to have been a mistake, or misunderstanding between the researchers and Microsoft. The test code was quickly deleted. But it is now on GitHub.
Sangfor . researchers were are planning to detail several security vulnerabilities in the Windows Print Spooler service at the annual Black Hat Security Conference later this month.
The researchers seem to believe that Microsoft has fixed this vulnerability. And that’s after the company published patches for a separate flaw in Windows Print Spooler.
Also Read: Xerox Software Provides Instant Tips for Smart, Green Printing
It took Microsoft a few days to issue an alert about the vulnerability, and the company warned customers that it was being actively exploited.
The vulnerability allows attackers to use remote code execution, so it is likely that the attackers will be able to install programs, modify data and create new accounts with full administrator rights.
Read also: Canon supports Google Cloud Print للطباعة
Microsoft warns of a vulnerability
you acknowledge Microsoft says that the code that contains the vulnerability is present in all versions of Windows. But it is not clear if it is exploitable outside of server versions of Windows.
The Print Spooler service is turned on by default in Windows. Including client versions of the operating system, domain controllers, and many instances of Windows Server as well.
Read also: HP participates strongly in GITEX Dubai 2007
Microsoft is working on a patch, but until it becomes available, the company recommends disabling the Windows Print Spooler service, or disabling internal printing remotely through Group Policy.
The Cybersecurity and Infrastructure Security Agency (CISA) has recommended that administrators disable the Windows Print Spooler service on domain controllers and systems that do not print.
Also Read: Xerox Adopts Adobe PDF Print Player
Vulnerabilities in the Windows Print Spooler service have been a nuisance to system administrators for years.
The most famous example was the Stuxnet virus. Stuxnet used several one-day exploits, including the Windows Print Spooler flaw, to destroy several of Iran’s nuclear centrifuges over a decade ago.