The security vulnerability, known as PrintNightmare, affects the Windows Print Spooler service. Researchers at cybersecurity company Sangfor accidentally published a how-to guide to exploit it.
Researchers tweeted in late May that they had found vulnerabilities in Print Spooler, which allows multiple users to access a printer. They mistakenly posted a proof of concept online and then deleted it, but not before it was posted elsewhere online, including on developer site GitHub.
Windows 10 isn’t the only version affected – Windows 7, for which Microsoft ended support last year, is also at risk.
Although it has announced that it will no longer release updates for Windows 7, Microsoft has released a patch for its 12-year-old operating system, highlighting the severity of the PrintNightmare flaw. Updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 will be “expected soon,” he said.
“We recommend that you install these updates immediately,” the company said.
If there is good news, it’s that the current security update is cumulative, which means that it also contains previous fixes for previous security issues.
This is the latest in a series of security alerts from Microsoft over the past year and a half. The company has been embroiled in security concerns, including in 2020 when the National Security Agency alerted Microsoft to a major flaw in its Windows operating system that could allow hackers to pose as legitimate software companies. And this year, hundreds of thousands of Exchange users were targeted after four vulnerabilities in its software allowed hackers to gain access to servers of the popular mail and calendar service. Microsoft was also the target of a devastating SolarWinds breach.
Microsoft has also released a patch for Windows 11. Its latest operating system, which should be released soon, is currently available for beta testers. Windows 11 comes six years after Microsoft’s last operating system overhaul with Windows 10, a major update that now runs on around 1.3 billion devices worldwide, according to CCS Insight.
Update: This story has been updated to note that Microsoft has released a hotfix for Windows 11.
