After security researchers discovered a serious vulnerability in the operating system, Microsoft is urging Windows users to install an update right away.
The PrintNightmare security flaw affects the Windows Print Spooler service. Researchers at Sangfor, a cybersecurity firm, inadvertently published a how-to guide for exploiting it.
The researchers discovered vulnerabilities in Print Spooler, which allows multiple users to access a printer, and tweeted about it in late May. They accidentally posted a proof-of-concept online, which they later removed, but not before it was shared elsewhere, including on the developer site GitHub.
According to Microsoft (MSFT), hackers who exploit the vulnerability could install programs, view and delete data, and even create new user accounts with full user rights. This gives hackers complete command and control over your computer, allowing them to cause serious damage.
Windows 10 isn’t the only version affected; the vulnerability also affects Windows 7, which Microsoft stopped supporting last year.
Despite announcing that it would stop issuing updates for Windows 7, Microsoft released a patch for the 12-year-old operating system, highlighting the severity of the PrintNightmare flaw. Updates for Windows Server 2016, Windows 10 version 1607, and Windows Server 2012 are “expected soon,” according to the company.
“We recommend that you install these updates immediately,” the company said.
The only positive news is that the recent security update is cumulative, which means it also contains fixes for previous security problems.
Microsoft has issued a slew of security alerts in the last year and a half. The company has had its share of security issues, including in 2020, when the National Security Agency warned Microsoft about a major flaw in its Windows operating system that could allow hackers to impersonate legitimate software firms. Hundreds of thousands of Exchange users were also targeted this year after four software flaws allowed hackers to gain access to the popular email and calendar service’s servers. Microsoft was also affected by the SolarWinds hack, which resulted in a massive data breach.
Notably, Microsoft has not released a patch for Windows 11. The company is currently accepting beta testers for its newest operating system, which will be released soon. According to CCS Insight, Windows 11 comes six years after Microsoft last overhauled its operating system with Windows 10, a major update that now runs on 1.3 billion devices worldwide.