Microsoft’s latest security vulnerability could have a lingering impact both on consumers and businesses at a time when many around the world are already on high alert for disruptive cyber attacks.
Researchers at security firm Sangfor recently found a Windows vulnerability, called PrintNightmare, that could allow hackers to remotely gain access to the operating system and install programs, view and delete data or even create new user accounts with full user rights. The firm accidentally leaked instructions on how the flaw could be exploited by hackers, exacerbating the need for Windows users to update their systems immediately.
Here’s what you should know about the issue and how to address it:
Has my Windows device been impacted?
Microsoft (MSFT) is urging all Windows users to install an update that affects the Windows Print Spooler service, which allows multiple users to access a printer. The company has already rolled out fixes for Windows 10, Windows 8, Windows 7 and some server versions. Microsoft (MSFT) ended support for Windows 7 last year, so the decision to push an update to that software highlights the severity of the PrintNightmare flaw.
Although many Windows users don’t have remote access capabilities on their home computers, business computers or people working remotely and connecting back to the office could be most affected, according to Michela Menting, a cybersecurity expert at ABI Research.
How big a deal is this?
Windows 10 runs on about 1.3 billion devices worldwide, according to market research firm CCS Insight, so the magnitude of the vulnerability’s reach is massive. “This is a big deal because Windows 10 is the most popular desktop OS out there with over 75% market share,” Menting said.
Because Windows 10 is used by desktop computers as well as some servers, it could potentially enable hackers to infiltrate a network “very quickly” and get in “practically anywhere to find the most lucrative databases and systems,” Menting said.
Once Sangfor shared proof-of-concept exploit code on the Microsoft-owned code hosting platform GitHub, it was copied by users before it was deleted.
How to download the patch
Windows users can visit the Settings page, then select the Update & Security option, followed by Windows Update, or else visit the Microsoft website to download the new software.
However, one researcher on Twitter showed how the emergency update isn’t entirely effective, leaving room for potential actors to still exploit the vulnerability. After this story published, a Microsoft spokesperson said the company is “not aware of any bypasses to the update” but continues to investigate the matter.
Menting said a buggy patch is in many ways like “years in cybercrime time,” adding it’s “highly likely” ransomware attacks or data theft could occur as a result. “There is no doubt that not every company will have updated their OS before attackers get in,” she said.
The big takeaway
Still, the incident serves as a reminder for both businesses and consumers to routinely update any kind of software to ensure impacted systems aren’t left exposed. For anyone who believes they could be at risk from a vulnerability or isn’t sure, Menting suggested disabling impacted functions until a company rolls out an official fix.