Microsoft has issued a recommendation for Windows users to install updates immediately after the computer producer said it found a vulnerability in the operating system.
The flaw became known colloquially as “PrintNightmare” because it affects the Windows Spring Spooler service, a program that allows multiple people to access the same printer. According to an initial report by CNN, the technology company Sangfor accidentally tweeted a proof-of-concept design that claimed to find the vulnerabilities in the program. Though the original tweet had since been deleted, screenshots had reportedly been shared online.
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges,” wrote Microsoft of the flaw.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Known officially as CVE-2021-34527, the Point and Print security vulnerability impacts all versions of Windows; and though the Point and Print system is not directly related, the technology weakens the local security that allows for possible exploitation. Microsoft issued a security update on July 7 for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607. To run it, Microsoft recommends immediately installing the updates as seen in the “security updates” table for the applicable update for your system.
If you are unable to install these updates, see the FAQ and workaround sections in this guide for information on how to help protect your system from this vulnerability.