There’s a new vulnerability in Windows 10 called “PrintNightmare.” It was revealed in early July 2021, and Microsoft is already rolling out an emergency security update to fix the problem. You should update as soon as you can.
Update, 7/7/21 4:42 p.m. Eastern:
According to researchers Matthew Hickey and Will Dorman, the fix that Microsoft is rolling out for PrintNightmare is not a complete solution. It only fixes the remote code execution part of the vulnerability. That means exploits can still bypass the patch and do some nasty things. We still urge you to update Windows and be ready for any new updates that come after this.
The Microsoft fix released for recent #PrintNightmare vulnerability addresses the remote vector – however the LPE variations still function. These work out of the box on Windows 7, 8, 8.1, 2008 and 2012 but require Point&Print configured for Windows 2016,2019,10 & 11(?). 🤦♂️ https://t.co/PRO3p99CFo
— Hacker Fantastic (@hackerfantastic) July 6, 2021
The vulnerability is a critical flaw in the Windows Print Spooler service. It’s similar to another vulnerability that was patched in June 2021. The worse thing about PrintNightmare is that its exploit has been shared publically, making it easier for hackers to employ.
Windows runs the Print Spooler service by default, which means it’s basically running on every Windows PC going all the way back to Windows 7. Microsoft has issued patches for certain builds of Windows 10, Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, and Windows 7.
The security updates started rolling out on July 6, 2021, and Microsoft urges everyone to “install these updates immediately.” To check for the update on your Windows PC, go to Settings > Update & Security > Check for Updates.
Vulnerabilities and patches like this are why it’s so important to keep your operating system is up-to-date. Make sure you’re checking for and installing updates on a regular basis to keep your Windows PC secure.
Via: The Verge