Chhavideep Singh
Source: The Hacker News
Microsoft is one of the most innovative technology companies in the industry and yet, somehow, the bad actors get the best of the technology giant with their advance hacking toolkits. Windows is the most hardware-compatible Operating System in the world and thus, its security has to be top-notch to protect its users from potential harm, but unfortunately, it seems like the company is lagging behind.
According to recent reports, Microsoft is rolling out an emergency update patch for Windows to address a critical vulnerability in the Windows Print Spooler service. The given name of the vulnerability is ‘PrintNightmare’ and it was revealed last week, after security researchers published proof of Concept exploit code, as mentioned in a report by The Verge.
The issue is critical and has to be patched on priority. Microsoft is aware of the gravity of the situation and is thus, issuing out-of-band security updates to address the critical flaw. Leveraging the vulnerability, bad actors such as ransomware groups, hackers, cyber attackers and more can remotely execute code with basic system-level administration control on affected PCs and this can cause a lot of damage to Windows users.
The Windows-maker has reportedly issued Windows patch updates for Windows Server 2019, Windows Server 2008, Windows RT 8.1, Windows 8.1, Windows Server 2012 R2, and several supported versions of the latest Windows 10 Operating System, according to a report by The Verge. The report further mentioned that Microsoft has even considered issuing updates for Windows 7 that went out of support last year.
But what is PrintNightmare vulnerability that Microsoft is taking too seriously?
PrintNightmare vulnerability allows hackers and cyber-criminals to use remote code execution, so hackers and attackers can remotely access your programs and potentially install new ones onto your system without your permission or interference. Other than this, this flaw can also allow attackers to modify data on your device, create new administration accounts with full rights. Basically, the flaw is a doorway for attackers to enter into your system and make changes.
Microsoft highly recommends that users install this update as soon as possible on an immediate basis. As mentioned in a report by The Verge, Microsoft says, “The security updates released on and after July 6, 2021, contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”
Anyhow, there are still a couple of more Windows Servers that are due to get the latest security updates from Microsoft. The company says that security updates for the remaining versions shall be released soon.