Microsoft is reportedly warning Windows users about an unpatched critical flaw in the Windows Print Spooler service, dubbed “PrintNightmare.” The critical bug allows attackers to execute code with system-level privileges in Windows computers.
The Verge reports that Microsoft has begun warning Windows users of an unpatched critical flaw in the Windows Print Spooler service that has been dubbed “PrintNightmare.” The vulnerability was uncovered earlier this week after security researchers accidentally published a proof-of-concept (PoC) exploit.
Microsoft has yet to rate the vulnerability but it allows attackers to execute code with system-level privileges which is a critical issue for Windows users. Researchers at Sangfor published the PoC in what appears to be a mistake or miscommunications between the researchers and Microsoft. The test code was quickly deleted but not before being forked (copied) on GitHub.
Sangfor researcher had reportedly been planning to detail multiple 0-day vulnerabilities in the Windows Print Spooler service at the annual Black Hat security conference late this month. It appears that the researchers believed that Microsoft had patched this particular security issue after the company published patches for a separate Windows Print Spooler flaw.
Days later, Microsoft is warning users of the potential issue. Microsoft admits “the code that contains the vulnerability is in all versions of Windows,” but it is not currently clear if its exploitable beyond server versions of Windows, meaning the majority of retail Windows users may be safe.
Microsoft is currently working on a patch but until it’s available, the company recommends disabling the Windows Print Spooler service, or disable inbound remote printing through Group Policy. The Cybersecurity and Infrastructure Security Agency (CISA) has recommended that admins “disable the Windows Print Spooler service in Domain Controllers and systems that do not print.”