Microsoft released an alert on Friday (2) about a critical security flaw detected in all versions of its operating system. It is a vulnerability called PrintNightmare that allows full access to the computer by malicious people.
Located, as the name implies, in Windows Print Spooler, the flaw was improperly publicized by researchers at Chinese security company Sangfor. The company recently published the PoC, which is a demonstration of the possibility of validating the exploit, without contacting Microsoft.
Thinking that the Windows owner had already fixed the problem, the researchers quickly erased the “proof of concept”, but it was too late. The test code had been leaked onto GitHub, a source code hosting platform open to all programmers or users, working on projects all over the world.
We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait our Blackhat talk. https://t.co/heHeiTCsbQ
— zhiniang peng (@edwardzpeng) June 29, 2021
The Risks of PrintNightmare Failure
Alerted on Tuesday, June 29, Microsoft still took a while to issue the alert to prevent a possible “zero-day” exploit — a hacker attack orchestrated on the same day a system weakness is discovered, before it the supplier has time to make a fix available. According to the company, the vulnerability ended up being used by malicious agents.
Failures in Print Spooler, the component responsible for communicating with printers in the operating system, are particularly dangerous. The instance works at the highest level of privilege, which allows remote code execution (RCE), and subsequent installation of programs, accessing and changing data, as well as creating new accounts with administrator rights.
Microsoft is already “running” to release a patch, but until the update is available, the company recommends that users disable Windows Print Spooler, or remote inbound printing, by temporarily disabling Group Policy.
Check out more details about the vulnerability and how to prevent attacks on the Microsoft security website.