Microsoft is urging Windows users to install an update after researchers found a serious security flaw in the operating system.
Here’s more from CNN:
The security flaw, known as PrintNightmare, affects the Windows Print Spooler service. Researchers at cybersecurity company Sangfor accidentally published a how-to guide for exploiting it. The researchers tweeted in late May that they had found vulnerabilities in Print Spooler, which allows multiple users to access a printer. They published a proof-of-concept online by mistake and subsequently deleted it — but not before it was published elsewhere online, including developer site GitHub.
We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait our Blackhat talk. https://t.co/heHeiTCsbQ
— zhiniang peng (@edwardzpeng) June 29, 2021
According to the report, Windows 7 is also subject to the vulnerability. Microsoft ended support for the operating system last year but issued a patch for it due to the severity of the PrintNightmare flaw.
Updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 are “expected soon,” the company said, per the report.
“We recommend that you install these updates immediately,” the company said.
A message shared on the company’s blog states:
The fix that we released today fully addresses the public vulnerability, and it also includes a new feature that allows customers to implement stronger protections. Please note that not all versions of the update are available today as some packages are not quite ready for release. We feel that it is important to provide security updates as quickly as possible for systems that we can confidently protect today. Unfortunately, security updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 will be delayed for a short period, but they are expected soon.
Microsoft (MSFT) has warned that hackers who exploit the vulnerability can install programs, “view and delete data or even create new user accounts with full user rights,” the outlet writes.