Posted on 07/07/2021 9:07:39 AM PDT by Red Badger
Microsoft is telling Windows customers to immediately install an update, after a serious vulnerability in the operating system was found by researchers.
The security flaw, known as PrintNightmare, affects the Windows Print Spooler service, according to CNN.
Researchers at cybersecurity company Sangfor accidentally published a how-to guide for exploiting it, the cable TV news network also reports.
The researchers tweeted in late May that they had found vulnerabilities in Print Spooler, which allows multiple users to access a printer, CNN also reports.
Do you remember when Windows didn’t have serious problem?
Yeah, me neither.
Microsoft always says their updates are end-of-the-world important.
Yeah, me neither.
Cue the arrogant Linux users in 3...2....1...
Security AdvisoryCritical Vulnerability CVE-2021-34527 (PrintNightmare)
General - ATTN: All Windows systems administrators and system owners
What Happened?
A critical vulnerability in the print spooler service of Microsoft Windows was disclosed to the public last week. Referred to as “PrintNightmare,” this vulnerability allows an attacker to run commands, install programs, modify data, and create new Windows accounts with full Windows SYSTEM privileges.
Code to exploit this vulnerability has been published online, and exploit toolkits have already started including functionality to attack this vulnerability. There are currently no active, confirmed attacks occurring in the wild, but this is likely to change over the next several days or weeks.
Key Points:
* This critical vulnerability affects all versions of Microsoft Windows.
* Domain controllers are particularly at risk, as they are high-value targets.
* An attacker needs valid login credentials to compromise a vulnerable system.
* The most recent cycle of Windows updates do NOT protect against this vulnerability.Microsoft has released an out-of-cycle update on July 6th to address this vulnerability, however.
There are also workarounds that will mitigate this vulnerability until a patch is released by Microsoft.
NOTE: These workarounds will disable the vulnerable system’s ability to print.
Windows Print Spooler has always had problems way back to Windows 95.
What, Nigerian princes can now bypass email and print out their pleas to you at 2 am?
According to Bender in the year 3000 the prisons will be using Windows because it always locks up.
At the other end of Windows history: “Microsoft Windows: You will believe your 386 will fly like a 286 running DOS.”
This was BIG news, what, a week ago?
The cure is really simple. Don’t run the Windows print spooler on servers that have Internet service.
Not necessarily. We do not give our users the ability to install software. However, this exploit uses the built in SYSTEM account. So this exploit will work regardless of the permission level of the account used to access the system originally.
just take the paper out of your printer
The print spool has been junk forever.
Fixed that for you.
At least out-of-the-box it detects all your hardware so (if not already configured) you can go to enable such essentials as a USB wifi adapter internet with drivers.
Did I say I was running Linux? No, I did not.
That is fine and sorry for presuming, but I was also hoping for some help!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.