A Windows security vulnerability was mistakenly disclosed before Microsoft rolled out a fix. The flaw, called PrintNightmare, affects the operating system service that queues files waiting to be sent to the printer.
A small communication error can cause serious problems. A Windows security flaw called PrintNightmare was discovered by researchers at Sangfor Technologies. The problem: Microsoft had yet to deploy a patch when the cybersecurity experts released their proof-of-concept study explaining how the flaw could be exploited.
The Sangfor researchers planned to publicly present several Windows security flaws at the annual Black Hat conference scheduled for July in the United States. However, it seems that a misunderstanding prompted the experts to reveal the problem earlier than expected: they apparently believed that Microsoft had already corrected it.
They hastened to delete their test code, but too late: it could already be found on GitHub.
We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait our Blackhat talk. https://t.co/heHeiTCsbQ
— Zhiniang peng (@edwardzpeng) June 29, 2021
PrintNightmare is a zero-day flaw in the Windows print spooler. This is the service that manages the system's print jobs: documents sent to the printer are queued there. By exploiting PrintNightmare, malicious hackers can execute code remotely and act directly at the system level. However, the severity of the flaw has not yet been officially assessed.
“All versions of Windows” are affected
After a few days, Microsoft began communicating on the subject to warn users that the flaw was, unfortunately, indeed being exploited.
Microsoft 365 Defender customers can also refer to the threat analytics report we published on this vulnerability. The report provides tech details, guidance for mitigating the impact of this threat, and advanced hunting queries, which are published here: https://t.co/tBunCJgn6W
— Microsoft Security Intelligence (@MsftSecIntel) July 2, 2021
Microsoft says its teams are working on a fix and, in the meantime, is urging customers to turn off the printing software or, failing that, to turn off remote printing. In addition, the company explains that “the code that contains the vulnerability is found in all versions of Windows”.
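The two interim mitigations above (turning off the Print Spooler, or keeping local printing but refusing remote print clients), as an added PowerShell example that is not from the original article or from Microsoft. The function name and its `-Mode` values are hypothetical; the registry value is the one behind the "Allow Print Spooler to accept client connections" policy.

```powershell
# Added example: audit, and optionally apply, the interim PrintNightmare
# mitigations. Run from an elevated prompt for the two modifying modes.
# Set-SpoolerMitigation and its -Mode values are hypothetical names.
function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Audit: report only. DisableSpooler: no printing at all.
        # BlockRemote: local printing still works, remote clients are refused.
        [ValidateSet('Audit', 'DisableSpooler', 'BlockRemote')]
        [string]$Mode = 'Audit'
    )

    $policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $policyName = 'RegisterSpoolerRemoteRpcEndPoint'   # 1 = accept, 2 = refuse

    switch ($Mode) {
        'DisableSpooler' {
            if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
                Stop-Service -Name Spooler -Force
                Set-Service  -Name Spooler -StartupType Disabled
            }
        }
        'BlockRemote' {
            if ($PSCmdlet.ShouldProcess($policyKey, "Set $policyName = 2")) {
                if (-not (Test-Path $policyKey)) {
                    New-Item -Path $policyKey -Force | Out-Null
                }
                Set-ItemProperty -Path $policyKey -Name $policyName -Value 2 -Type DWord
                # The policy is read when the spooler starts, so restart it if running.
                if ((Get-Service -Name Spooler).Status -eq 'Running') {
                    Restart-Service -Name Spooler -Force
                }
            }
        }
    }

    # Report the resulting state in every mode.
    $svc    = Get-Service -Name Spooler
    $policy = (Get-ItemProperty -Path $policyKey -Name $policyName `
                   -ErrorAction SilentlyContinue).$policyName
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SpoolerStatus      = $svc.Status
        SpoolerStartType   = $svc.StartType
        RemotePrintBlocked = ($policy -eq 2)
        StillExposed       = ($svc.Status -eq 'Running' -and $policy -ne 2)
    }
}

Set-SpoolerMitigation -Mode Audit
```

Adding `-WhatIf` to either modifying mode shows what would change without touching the service or the registry.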
While the Redmond firm's attention is particularly focused on Windows 11, one can only hope that Microsoft will finally find a way to secure the notorious print spooler more effectively, as it has already been the source of several flaws in the past.