Home https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Technology https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Microsoft “PrintNightmare” Security Error: Here’s what Windows 10 users need to know

Microsoft “PrintNightmare” Security Error: Here’s what Windows 10 users need to know

Researchers at security firm Sangfor recently found a Windows vulnerability, called PrintNightmare, which could allow hackers to remotely access the operating system and install programs, view and delete data, or even create new user accounts with full user rights. The company accidentally leaked instructions on how the exploit could be exploited by hackers, which exacerbated the need for Windows users to update their systems immediately.
Microsoft (MSFT) encourages all Windows users to install an update that affects the Windows Print Spooler service, which allows multiple users to access a printer. The company has already rolled out fixes for Windows 1
0, Windows 8, Windows 7 and some server versions. Microsoft ended support for Windows 7 last year, so the decision to push an update to that software highlights the severity of the PrintNightmare error.

Although many Windows users do not have remote access features on their home computers, business computers or people working remotely and reconnecting to the office may be most affected, according to Michela Menting, a cybersecurity expert at ABI Research.

How big a deal is this?

Windows 10 runs on about 1.3 billion devices worldwide, according to market research firm CCS Insight, so the scope of the vulnerability is massive. “This is a big deal because Windows 10 is the most popular desktop OS out there with over 75% market share,” Menting said.

Because Windows 10 is used by desktops as well as some servers, it could potentially allow hackers to infiltrate a network “very quickly” and get in “virtually anywhere to find the most lucrative databases and systems,” Menting said. .

When Sangfor shared a proof-of-concept exploit code on the Microsoft-owned code hosting platform Github, it was copied by users before being deleted.

How to download the patch

Windows users can visit the Settings page and then select the Update and Security option followed by Windows Update or also visit the Microsoft website to download the new software.
However, a researcher on Twitter showed how the emergency update is not completely effective, leaving room for potential actors to still exploit the vulnerability. Microsoft did not immediately respond to a request for comment.

Menting said a buggy patch is in many ways like “years of cybercrime” and adds that it is “very likely” ransomware attacks or data theft may occur as a result. “There is no doubt that not all companies will have updated their operating system before attackers come in,” she said.

The great takeaway

Still, the incident serves as a reminder to both businesses and consumers to routinely update any kind of software to ensure that affected systems are not left exposed. For anyone who thinks they may be at risk of a vulnerability or not sure, Menting suggested disabling affected features until a company launches an official solution.

Source link