It’s a living PrintNightmare—on Tuesday, Microsoft revealed it had identified a severe vulnerability in its operating system that could let hackers delete data on your PC, install programs, or even create new user accounts with full control permissions for themselves.
The flaw, dubbed PrintNightmare, affects the Windows Print Spooler service, which is what lets Microsoft wrangle the files and documents you queue up to print. Every Microsoft computer has this feature enabled by default, including those running Windows 10, Windows 8.1, and the outdated Windows 7, as well as administrative Servers 2004 and 2008 through 2019.
The flaw was discovered by researchers in May, who planned to conjure a fix and present the findings at the annual Black Hat cybersecurity summit. But then—here’s the nightmare—they accidentally web-published their proof-of-concept, essentially a how-to guide for exploiting the code. It was quickly taken down, but not before it made the rounds on the internet, hitting sites like popular developer forum GitHub.
We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait for our Blackhat talk. https://t.co/heHeiTCsbQ
— zhiniang peng (@edwardzpeng) June 29, 2021
Microsoft has since detected the malicious code in the wild, and it’s recommending that all PC users take action to defend their computers against the flaw immediately.
- Step 1: Make sure you install Microsoft’s June 2021 emergency security update. This patches one of two major loopholes in the Windows Print Spooler system. Download the version for your system here; all options are listed under “Security Updates.”
- Step 2: Unfortunately, there’s no patch yet for the second loophole, so Microsoft and the federal Cybersecurity and Infrastructure Security Agency are advising people to disable Windows Print Spooler when it’s not being used for printing. Follow the instructions listed under “Workarounds” here. It involves some coding magic via PowerShell, a program which you can download here.
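
One way to carry out Step 2 from an elevated PowerShell prompt, shown as an added example that is not taken from the original article or from Microsoft's advisory. The function names are hypothetical; `Spooler` is the service name of the Windows Print Spooler.

```powershell
# Added example: switch the Print Spooler off when not printing, and back on when needed.
# Function names are hypothetical. Requires an elevated (Administrator) session.

function Test-IsAdmin {
    # True when the current session runs with Administrator rights.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SpoolerState {
    # Win32_Service reports both the running state and the startup mode,
    # so one query confirms the service is stopped AND will not restart at boot.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" |
        Select-Object Name, State, StartMode
}

function Disable-Spooler {
    if (-not (Test-IsAdmin)) { throw 'Run this from an elevated PowerShell session.' }
    # Stop the running service first, then prevent it from starting again.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Get-SpoolerState   # expect State = Stopped, StartMode = Disabled
}

function Enable-Spooler {
    if (-not (Test-IsAdmin)) { throw 'Run this from an elevated PowerShell session.' }
    # Restore the default startup type before starting the service.
    Set-Service -Name Spooler -StartupType Automatic
    Start-Service -Name Spooler
    Get-SpoolerState   # expect State = Running, StartMode = Auto
}

# Typical use:
#   Disable-Spooler    # when no printing is needed
#   Enable-Spooler     # just before a print job
```

While the service is disabled the machine cannot print, locally or to network printers, so run `Enable-Spooler` before a print job and `Disable-Spooler` again afterwards.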