02 July 2021

O NO! GOTCHA AGAIN! Another Vulnerability Gets Exploited

Report taken from The Verge: Just a few snippets. Read more details at the source.

Microsoft warns of Windows ‘PrintNightmare’ vulnerability that’s being actively exploited

The Windows Print Spooler strikes again

Microsoft is warning Windows users about an unpatched critical flaw in the Windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was uncovered earlier this week after security researchers accidentally published a proof-of-concept (PoC) exploit. While Microsoft hasn’t rated the vulnerability, it allows attackers to remotely execute code with system-level privileges, which is as critical and problematic as you can get in Windows.

Researchers at Sangfor published the PoC, in what appears to have been a mistake, or a miscommunication between the researchers and Microsoft. The test code was quickly deleted, but not before it had already been forked on GitHub.

Sangfor researchers had been planning to detail multiple 0-day vulnerabilities in the Windows Print Spooler service at the annual Black Hat security conference later this month. It appears the researchers thought Microsoft had patched this particular vulnerability, after the company published patches for a separate Windows Print Spooler flaw.

It has taken Microsoft a couple of days to finally issue an alert about the 0-day, and Bleepingcomputer reports that the company is even warning customers that it’s being actively exploited. The vulnerability allows attackers to use remote code execution, so bad actors could potentially install programs, modify data, and create new accounts with full admin rights.

Microsoft admits “the code that contains the vulnerability is in all versions of Windows,” but it’s not clear if it’s exploitable beyond server versions of Windows.
