Microsoft is urging Windows users to immediately install an update after security researchers found a serious vulnerability in the operating system.
The security flaw, known as PrintNightmare, affects the Windows Print Spooler service. Researchers at cybersecurity company Sangfor, accidentally published a how-to guide for exploiting it.
The researchers tweeted in late May that they had found vulnerabilities in Print Spooler, which allows multiple users to access a printer. They published a proof-of-concept online by mistake and subsequently deleted it. But not before it was published elsewhere online, including developer site GitHub.
Microsoft (MSFT) warned that hackers that exploit the vulnerability could install programmes, view and delete data or even create new user accounts with full user rights. That gives hackers enough command and control of your PC to do some serious damage.
Windows 10 is not the only version affected. Windows 7, which Microsoft has ended support for last year, is also subject to the vulnerability.
Despite announcing that it would no longer issue updates for Windows 7, Microsoft issued a patch for its 12-year old operating system, underscoring the severity of the PrintNightmare flaw. Updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 are “expected soon,” it said.
“We recommend that you install these updates immediately,” the company said. If there’s any good news, it is that the current security update is cumulative, meaning it contains previous fixes for previous security issues too.
It’s the latest in a slew of security alerts from Microsoft in the past year and a half. The company has been embroiled in safety issues, including in 2020 when the National Security Agency alerted Microsoft to a major flaw in its Windows operating system that could let hackers pose as legitimate software companies.
And this year, hundreds of thousands of Exchange users were targeted after four vulnerabilities in its software allowed hackers to access servers for the popular email and calendar service. Microsoft was also the target of a devastating SolarWinds breach.
Notably, Microsoft hasn’t released a patch for Windows 11. Its newest operating system, due out soon, is currently available to beta testers. Windows 11 comes six years after Microsoft last overhauled its operating system with Windows 10, a major update that’s now running on around 1.3 billion devices worldwide, according to CCS Insight.
- 16 feared dead, over 40 injured in Gomoa Okyereko accident on Accra-Cape Coast highway
- Otumfuo destools chief of Asante’s famous Antoa town
- Supreme Court ‘cautions and discharges’ NDC’s Kpessa Whyte after convicting him for contempt
- Pressure mounts on cedi; loses 9% in value to dollar last week
- Tinubu removes controversial Fuel subsidy in Nigeria
- Nigeria: Hilton Hotel owner, two workers sentenced to death for murder of student
- Bawumia picks NPP flagbearer nomination form
- We’re sorry for obnoxious statements about Christianity in history textbook – Ghana Authors & Publishers
- Parliament writes to EC, declares Assin North seat vacant
- AFCON 2023Q: Nuamah included, Sowah dropped as Hughton names Ghana squad to face Madagascar
- CHASS expresses concern about abuse of PTA funds
- Indigenous knowledge vital in preserving biodiversity – Educationist
- 4,000 Amansie West residents now on NHIS
- ‘I’m working hard to get back’ – Tariq Lamptey on latest Black Stars absence
- JoyNews premieres ‘Ghana Potholes Exhibition’
- Keta Port will be your legacy if constructed – KIPC CEO to Akufo-Addo
- Resign and concentrate on your health; Ahanta West needs development – NDC tells Kojo Kum
- Tariq Lamptey Foundation donates football kits and equipment to two schools in Asamankese
- OccupyGhana shocked at government’s new position on Public Officers Act after ignoring its calls
- Beyoncé celebrates Blue Ivy after she takes stage at Renaissance world tour
- ‘Remain calm, for, you are kind and peace-loving’ – Indonesian Consul to Voltarians
- National Cathedral: Only $22.07m out of $58.14m has gone into actual construction – Ablakwa
- Agorkedzi: Another tidal waves destruction leaves one dead, many homeless
- Immediately transfer shares held by JOHL to GNPC – Minority to government
- 2023 U23 AFCON: Kamaldeen Sulemana to be called up to Black Meteors squad for tournament