Microsoft has issued an urgent security update to combat a newfound vulnerability. PrintNightmare is a security flaw that opens up a Windows computer's operating system to hackers. It also gives malicious actors admin rights and remote control over your device.
The security flaw takes over a computer's Windows Print Spooler, a service that allows multiple users to access a printer. Researchers from cybersecurity firm Sangfor were the first to discover this vulnerability.
The team created a proof-of-concept (POC) to test the PrintNightmare vulnerabilities. They listed all the details of the test, including a step-by-step guide on how to hack Windows printers. Unfortunately, malicious actors started using these reports for their own benefit, launching their own attacks against Windows 10 users.
The report was immediately taken down. Unfortunately, as is typical with any internet post, screenshots and republications of the report quickly spread everywhere, including the developer site GitHub.
We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait our Blackhat talk. https://t.co/heHeiTCsbQ
— zhiniang peng (@edwardzpeng) June 29, 2021
Since completely removing the PrintNightmare POC from the internet is impossible, the company emphasized that Windows should release security updates or users should disable their Spooler service to stay safe.
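The Spooler mitigation mentioned above can be checked and applied from an elevated PowerShell session. The script below is an added example, not part of the original report or the researchers' post; the -Disable switch, the Get-SpoolerState helper and the CanRun field are names chosen for this illustration.

```powershell
# Added example: audit the Print Spooler service and, with -Disable, stop it
# and prevent it from starting again. Run from an elevated session.
# Printing (local and shared) stops working while the service is disabled.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Disable   # hypothetical switch name used only in this example
)

function Get-SpoolerState {
    # Report whether the Spooler is running or could be started later.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Status    = $svc.Status
        StartType = $svc.StartType
        # CanRun is this example's own flag: true unless stopped AND disabled.
        CanRun    = ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled')
    }
}

$before = Get-SpoolerState
$before | Format-List | Out-Host

if ($Disable -and $before.CanRun) {
    # Show installed printers first so the operator sees what will stop working.
    Get-Printer -ErrorAction SilentlyContinue |
        Select-Object Name, DriverName, Shared |
        Format-Table -AutoSize | Out-Host

    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }

    # Confirm the resulting state.
    Get-SpoolerState | Format-List | Out-Host
}
```

Running the script with -Disable -WhatIf previews the change without applying it. Once the security update is installed, printing can be restored by setting the service's startup type back to Automatic and starting it again.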
Windows OS Security Flaw Could Expose Your Data to Hackers
The security flaw affects not only Windows 10 but also its previous generation, Windows 7. CNN Business noted that Microsoft officially ended its support for Windows 7 last year. However, since PrintNightmare is an extremely severe problem, Microsoft included the 12-year-old operating system in the security patch development. Systems running Windows Server 2016, Windows 10 version 1607 and Windows Server 2012 will have their own security update sometime soon.
Double Pulsar added a few more details for the PrintNightmare attack.
PrintNightmare has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2021-1675. It exploits RpcAddPrinterDriver, which oversees remote printing scenarios and driver installation. It also takes advantage of your Default Administration rights and Print Operators.
YouTuber Lawrence Systems made an excellent analogy for the situation. He said that print drivers are automatically installed to your OS to help you avoid the installation process. This, however, implies that a system with admin rights outside your immediate control systematically accepts a new printer being plugged in. PrintNightmare hijacks these rights. Afterwards, hackers gain the control they need to install their own malicious software and drivers on your computer!
Download Microsoft's PrintNightmare Fix Now!
The Sun reported that Microsoft has immediately issued its fixes for Windows 10 and Windows 7. The good news is that its updates are cumulative, so previous fixes and security issues are included in the recent patch.
Updating your Windows is easy. Load up your computer, open "Settings" and "Windows Update Settings," and click on "Search for new Updates." If there are any new updates, immediately install them. The process might take a few minutes, depending on your internet connection. Lastly, you might be required to restart your computer to finish the process.
If you do not find any updates, don't worry: Microsoft might have automatically installed its updates already.
Keep an eye out for more updates and tips coming from the internet. There might be more vulnerabilities and security issues discovered on Windows at a later date.