Windows 10 and Windows 7 users be warned! Microsoft has issued an important security alert – and this is one that you really don’t want to ignore. The Redmond-based tech giant has cautioned that all versions of Windows are at risk from a security vulnerability that hackers are actively exploiting right now. Vulnerabilities of this type, known as “zero-days”, are the most worrying, as every hour that passes without a fix gives hackers a chance to attack more people.
As reported by The Verge, the unpatched – and critical – issue resides within the Windows Print Spooler service. The bug has been labelled PrintNightmare and lets bad actors remotely execute code with system-level privileges. As bugs go, that’s about as serious as it gets.
Hackers could use the bug to install software on your device, including applications that keep a log of everything typed on your keyboard, such as bank account numbers and passwords. They could also change existing data saved on your laptop, or delete documents and hold an intact copy to ransom until you pay up.
The threat was discovered by cybersecurity researchers at Sangfor. Following the discovery, Microsoft issued a security advisory.
The company said PrintNightmare has been exploited in the wild and that Windows users needed to install the security updates released towards the start of June.
Microsoft said: “Microsoft is aware of and investigating a remote code execution vulnerability that affects Windows Print Spooler and has assigned CVE-2021-34527 to this vulnerability. This is an evolving situation and we will update the CVE as more information is available.
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The Windows makers went on to add: “Please ensure that you have applied the security updates released on June 8, 2021, and see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.”
Security-focused blog Bleeping Computer reported that a separate threat assessment they had seen for Microsoft 365 Defender customers said PrintNightmare was being actively exploited by attackers.
Unfortunately, while Microsoft advises Windows users to install the June 8 update, there is no specific patch available – at the time of writing – to address the zero-day.
Microsoft said they are working on a fix and are investigating the issue. In the meantime the Windows 11 and Windows 10 makers have offered up mitigation measures for the threat.
These include disabling the Print Spooler service and disabling inbound remote printing through Group Policy.
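
The two mitigations named above, as an added PowerShell example (not Microsoft's script and not code from the article): it reports a machine's Print Spooler state and, when asked, applies one of the workarounds. The `-Mitigation` parameter and the `Get-SpoolerExposure` function are names made up for this example; the registry value is the one behind the Group Policy setting "Allow Print Spooler to accept client connections".

```powershell
# Added example. Run from an elevated PowerShell prompt.
# -Mitigation is a parameter of this script only; omit it to audit without changes.
param(
    [ValidateSet('None', 'DisableSpooler', 'BlockRemotePrinting')]
    [string]$Mitigation = 'None'
)

# Registry value written by the Group Policy setting
# "Allow Print Spooler to accept client connections": 1 = allow, 2 = refuse.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$policyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    $svc    = Get-Service -Name Spooler
    $value  = (Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue).$policyName
    $remote = if ($null -eq $value) { 'NotConfigured' } elseif ($value -eq 2) { 'Refused' } else { 'Allowed' }
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        SpoolerStatus     = $svc.Status
        SpoolerStartup    = $svc.StartType
        RemotePrinting    = $remote
        # True when the service cannot run, or when it refuses remote clients.
        WorkaroundApplied = ($svc.StartType -eq 'Disabled' -and $svc.Status -eq 'Stopped') -or ($value -eq 2)
    }
}

switch ($Mitigation) {
    'DisableSpooler' {
        # Stops all printing on this machine, local and remote.
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
    'BlockRemotePrinting' {
        # The machine stops acting as a print server; directly attached printers still work.
        # Create the key only if missing: New-Item -Force on an existing key wipes its values.
        if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
        Set-ItemProperty -Path $policyKey -Name $policyName -Value 2 -Type DWord
        Restart-Service -Name Spooler -Force   # the setting is read when the service starts
    }
}

Get-SpoolerExposure
```

On domain-joined machines a GPO that configures the same setting will overwrite the local registry value at the next policy refresh, so the change belongs in the GPO itself there.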