Microsoft warns of Windows “PrintNightmare” vulnerability that’s being actively exploited

Microsoft is warning Windows users about a critical, unpatched flaw in the Windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was discovered earlier this week after security researchers mistakenly posted a proof-of-concept (PoC) attack. Microsoft has not evaluated the vulnerability, but it could allow an attacker to remotely execute code with system-level privileges, which is about as serious and problematic as it gets on Windows.

Researchers at Sangfor posted the PoC, seemingly by mistake or because of a miscommunication between the researchers and Microsoft. The test code was quickly deleted, but not before it had already been forked on GitHub.

The Sangfor researchers had planned to detail several zero-day vulnerabilities in the Windows Print Spooler service at the annual Black Hat security conference later this month. The researchers appear to have believed that Microsoft had patched this particular vulnerability after Microsoft published a patch for a separate Windows Print Spooler flaw.

It took several days for Microsoft to finally issue a warning about the zero-day. Bleeping Computer reports that the company is warning customers that it is being actively exploited. The vulnerability could allow remote code execution, letting a malicious actor potentially install programs, modify data, and create new accounts with full administrator privileges.

Microsoft admits that “code containing the vulnerability exists in all versions of Windows”, but it’s unclear whether it can be exploited beyond Windows Server versions. The print spooler service runs natively on Windows, including client versions of the OS, domain controllers, and many instances of Windows Server.

Microsoft is working on a patch, but until it is released the company recommends either disabling the Windows Print Spooler service (if that is an option for the enterprise) or disabling inbound remote printing via Group Policy. The Cybersecurity and Infrastructure Security Agency (CISA) has recommended that administrators “disable the Windows Print Spooler service on domain controllers and non-printing systems”.

Vulnerabilities in the Windows Print Spooler service have been a headache for system administrators for years. The most notorious example is the Stuxnet virus. Stuxnet used several zero-day exploits, including a Windows Print Spooler flaw, to destroy several nuclear centrifuges in Iran more than a decade ago.
