While Microsoft prepares to refine the newly unveiled Windows 11 OS before its public release later this year, the company has today issued an emergency patch to address a critical vulnerability in current Windows versions. The Redmond giant has issued out-of-band security updates for various Windows versions, including Windows 7.
For the unaware, the vulnerability called “PrintNightmare” was recently revealed by a team of security researchers. It essentially allows attackers to remotely execute code within a system using a flaw in the Windows Print Spooler service. So, using this zero-day vulnerability, attackers can execute remote codes to install programs, create new accounts, and modify data with complete admin rights.
It happened when Sangfor researchers mistakenly shared a proof-of-concept (POC) code online a couple of days ago. They were planning to address various zero-day vulnerabilities in the Windows Print Spooler service at the annual Black Hat conference and thought that Microsoft had already patched the “PrintNightmare” vulnerability. Although before they deleted the POC from the web, it was already forked on Github.
So now, Microsoft has issued patches for Windows Server 2019, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and various other supported versions of Windows 10. Surprisingly, the company has also issued an update patch to Windows 7, which it officially stopped supporting last year. However, as we know that Windows 7 still powers millions of devices globally, it was important for Microsoft to issue the said patch to resolve the critical flaw.
The company has not yet issued the patch for Windows Server 2012, Windows Server 2016, and Windows 10 v1607. However, it mentions that “security updates for these versions of Windows will be released soon.” So, if you receive a patch update relating to the Windows Print Spooler service, Microsoft recommends “that you install these updates immediately” to avoid malicious attacks.