Microsoft warns Windows users of critical unpatched cyberbug

By Laura Berrill
Microsoft warns its Windows users of an unpatched critical cybersecurity vulnerability that lets hackers install malware on their systems

Microsoft has put out a warning about an unpatched bug that enables hackers to install malicious programmes and access key data on affected systems.

Flaw described as a ‘PrintNightmare’

This critical flaw is present in the Windows Print Spooler service and is nicknamed 'PrintNightmare'. The US national cyber agency has also said that an attacker can exploit 'PrintNightmare' to take control of an affected system.

A spokesperson for the tech giant said the organisation was aware of the susceptibility and was investigating a remote code execution vulnerability that affects Windows Print Spooler. It added that it has assigned CVE-2021-34527 to the flaw and described the revelation as ‘an evolving situation.’

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. Microsoft went on to warn that an attacker who successfully exploits this vulnerability could run arbitrary code with SYSTEM privileges. Hackers could then install programs; view, change, or delete data; or create new accounts with full user rights, it reiterated. It also confirmed that the code containing the vulnerability is in all versions of Windows.

The Print Spooler service runs by default on Windows, including on client versions of the OS, Domain Controllers, and many Windows Server instances. Vulnerabilities in the Windows Print Spooler service have been a headache for system administrators for years.

Disabling the disability

The US Cybersecurity and Infrastructure Security Agency (CISA) has encouraged administrators to disable the Windows Print Spooler service on Domain Controllers and on systems that do not print. Microsoft says it is working on a patch and has asked users to disable the Windows Print Spooler service, or to disable inbound remote printing through Group Policy. It advises that where the latest batch of Windows updates is not yet installed, users should disable the Print Spooler service.
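The two workarounds described above, as an added PowerShell example that is not part of the original article and is not Microsoft's or CISA's own tooling. The function names are hypothetical; `RegisterSpoolerRemoteRpcEndPoint` is the registry value behind the Group Policy setting "Allow Print Spooler to accept client connections", and it is assumed the script runs in an elevated session on the host being checked.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, then apply, the Print Spooler workarounds.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'   # 1 = accept client connections, 2 = refuse

# Report the spooler's current state so hosts can be triaged before any change.
function Get-SpoolerExposure {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $pol = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName `
            -ErrorAction SilentlyContinue).$PolicyName
    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        ServiceState          = if ($svc) { $svc.State } else { 'NotInstalled' }
        StartMode             = if ($svc) { $svc.StartMode } else { $null }
        RemotePrintingBlocked = ($pol -eq 2)
        # Reachable over the network only if the service runs and the policy does not refuse clients.
        RemoteReachable       = ($svc -and $svc.State -eq 'Running' -and $pol -ne 2)
    }
}

# Default: stop and disable the service (for Domain Controllers and hosts that never print).
# -KeepLocalPrinting: leave the service running but refuse inbound remote printing instead.
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$KeepLocalPrinting)

    if ($KeepLocalPrinting) {
        if ($PSCmdlet.ShouldProcess($PolicyKey, "Set $PolicyName = 2 and restart Spooler")) {
            # Create the policy key only if missing, so existing printer policy values survive.
            if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
            New-ItemProperty -Path $PolicyKey -Name $PolicyName -PropertyType DWord `
                -Value 2 -Force | Out-Null
            # The spooler reads this policy at start-up, so it must be restarted.
            Restart-Service -Name Spooler -Force
        }
    }
    elseif ($PSCmdlet.ShouldProcess('Spooler', 'Stop service and set startup type to Disabled')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
    Get-SpoolerExposure   # Return the resulting state for logging.
}

# Usage: Get-SpoolerExposure                       (audit only)
#        Disable-PrintSpooler -WhatIf              (preview the change)
#        Disable-PrintSpooler -KeepLocalPrinting   (block remote printing only)
```

Disabling the service stops all printing on that host, local and remote; the `-KeepLocalPrinting` path preserves printing to directly attached printers but the host can no longer act as a print server.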

Martin Lee, technical lead at Cisco Talos, added that exploits such as these underline how important it is both to securely authenticate users and to be in a position to identify unusual network activity.



 
