 "Microsoft warns Windows users of unpatched critical vulnerability")
Microsoft has warned Windows users of an unpatched critical vulnerability that can help hackers install malicious programmes and access key data on their systems.
The critical flaw is present in the Windows Print Spooler service and is nicknamed 'PrintNightmare'.
The US national cyber agency has also admitted that the attacker can exploit 'PrintNightmare' to take control of an affected system.
"Microsoft is aware of and investigating a remote code execution vulnerability that affects Windows Print Spooler and has assigned CVE-2021-34527 to this vulnerability. This is an evolving situation," the company said in an update on Thursday.
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.
"An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft warned.
Microsoft said, "The code that contains the vulnerability is in all versions of Windows".
The Print Spooler service runs by default on Windows, including on client versions of the OS, Domain Controllers, and many Windows Server instances.
Vulnerabilities in the Windows Print Spooler service have been a headache for system administrators for years.
The US Cybersecurity and Infrastructure Security Agency (CISA) has encouraged administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print.
Microsoft is working on a patch and has asked users to disable the Windows Print Spooler service, or disable inbound remote printing through Group Policy.
If you haven't installed the latest batch of Windows updates on your system, do so and disable the print spool service.
"Exploits such as this underline how important it is to both securely authenticate users and be in a position to identify unusual network activity," Martin Lee, technical lead at Cisco Talos, told The Registrar.
--IANS
na/dpb
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app