 |
| Microsoft warns against exploiting PrintNightmare vulnerability |
Microsoft has warned Windows users about unpatched vulnerabilities in the Windows Print Spooler service.
This vulnerability, known as PrintNightmare, was revealed earlier this week. This happened after security researchers incorrectly published a proof-of-concept PoC vulnerability.
Although Microsoft has not yet classified the vulnerability, it could allow an attacker to remotely execute code using system-wide permissions. This is necessary on Windows.
The researcher posted a proof-of-concept loophole on Sangfor that appears to be a bug or misunderstanding between the researcher and Microsoft. The test code was quickly removed. But it's on GitHub now.
Sangfor researchers plan to detail several vulnerabilities in the Windows print spooler service at Black Hat's annual security conference later this month.
Researchers seem to believe that Microsoft has addressed this vulnerability. I did this after the company released a fix for one bug in the Windows print spooler.
It took Microsoft several days to issue a warning about the vulnerability and notify customers that it was being actively exploited.
The vulnerability could allow an attacker to use remote code execution, which would potentially allow an attacker to install programs, modify data, and create new accounts with user rights.
Microsoft warns of security vulnerabilities
Microsoft is aware that code containing this vulnerability exists in all versions of Windows. However, it is not clear if it can be used outside the server version of Windows.
By default, the Windows Print Spooler service is enabled. Including the client version of the operating system, domain controllers, and many instances of Windows Server.
Microsoft is developing a hotfix, but before it becomes available, the company recommends disabling the Windows Print Spooler service or disabling internal printing remotely through Group Policy.
The Network Security and Infrastructure Agency (CISA) recommends that administrators disable the Windows Print Spooler service on domain controllers and nonprinting systems.
System administrators have been experiencing vulnerabilities in the Windows print spooler service for many years.
The best known example is the Stuxnet virus. More than a decade ago, Stuxnet used several vulnerabilities (including the Windows Print Spooler vulnerability) to disable many of Iran's nuclear centrifuges.