Microsoft Issues Emergency Patch For PrintNightmare Flaw

Microsoft has issued a patch for a worrying “PrintNightmare” vulnerability, which can allow a hacker to remotely take over a Windows PC.

The critical flaw is found in the Windows Print Spooler service, and was discovered last week by researchers at China-based security specialist Sangfor, which accidentally published proof-of-concept (PoC) exploit code.

The flaw has been dubbed PrintNightmare, and Microsoft has issued out-of-band security updates to address the flaw.

Update immediately

The flaw has been rated as critical, as attackers can remotely execute code with system-level privileges on affected machines. Essentially, the hacker could take over, install programs, steal data, or create new accounts.

Indeed, so serious is the flaw that Microsoft has even issued a patch for Windows 7 users, despite the fact that that operating system officially went out of support last year.

The patch was issued on Tuesday and is available for download here.

The patch should be included automatically via the Windows Update.

“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” said Redmond.

“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges,” it added. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Redmond said that it recommends that users install these updates immediately.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

SpaceX Polaris Dawn Crew Carry Out First Commercial Spacewalk

Billionaire Jared Isaacman and SpaceX’s Sarah Gillis become first non-professional astronauts to carry out risky…

16 hours ago

Government To Classify UK Data Centres As Critical Infrastructure

Data centres in the UK are to designated as Critical National Infrastructure (CNI), alongside energy…

17 hours ago

Irish Watchdog Launches Inquiry Into Google AI Model

Google's protection of EU users' personal data when training its AI model, is under investigation…

19 hours ago

Robot To Retrieve Fuel From Fukushima Nuclear Plant

Two week mission for robot to retrieve sample of melted fuel debris from inside one…

21 hours ago

OpenAI Valued At $150Bn In Funding Talks – Report

More cash required. Latest funding talks with investors reportedly values AI startup OpenAI at $150…

21 hours ago

LUMI – The Most Powerful Supercomputer In Europe

Silicon tours the facilities housing Europe's most powerful supercomputer, and the fifth most powerful supercomputer…

23 hours ago