Microsoft issues security warning for all Windows users, enterprises take note
All Windows users have been urged by Microsoft to install a security update as soon as they can after security researchers found a serious vulnerability in the operating system. The security warning was issued following the discovery of a vulnerability in Windows Print Spooler.
Hackers are using PrintNightmare, a remote code execution zero-day flaw in Windows Print Spooler service to remotely execute malicious code with system-level privileges. Most applications use Windows Print Spooler for printing as it allows users to queue up a series of documents and then print them in the background while performing other tasks.
According to cybersecurity provider Kaspersky, PrintNightmare is considered extremely dangerous because it is enabled by default on all Windows-based systems, making all Windows-based computers and servers vulnerable, especially unpatched ones. PrintNightmare can use these vulnerabilities to gain control of them and use it for ransomware purposes.
Microsoft has since released an update directly to the Windows Update client to improve reliability. Devices running Windows 10 will receive updates automatically from Windows Update, including the Enterprise and Pro editions. Users that have configured their devices to receive automatic updates should manually update their device the soonest possible.
While the security patch is targeted mainly at Windows 10’s one billion users, Microsoft has also prepared security updates for Windows 7 users, despite ending support for it last year. There are some delays though for security updates on Windows Server 2016, Windows 10 version 1607, and Windows Server 2012, which is expected to be fixed soon.
Interestingly, Microsoft has also not released a patch for Windows 11, its newest operating system. While it’s currently available to beta testers, Windows 11 is due to be made available soon on most devices.
Not the first time
The PrintNightmare vulnerability is the latest in a list of security incidents that have affected Microsoft recently. The company recently had its US$10 billion deal with the Pentagon scrapped after the government said they would relook at the capabilities of the services offered by Microsoft as well as other tech players in the industry.
Earlier this year, thousands of Microsoft Exchange users were also targeted after hackers exploited four vulnerabilities in its software to access servers. Microsoft was also one of the targets of the SolarWinds breach which affected most tech companies in the US last year.
Despite the release of the security patch by Microsoft, organizations should constantly check their IT systems for the latest security updates and patches. Hackers will continue to find weaknesses in operating systems and do their best to exploit them.
Cybersecurity providers suggest organizations disable Windows Print Spooler on servers and computers that do not need to do any printing. For example, servers in data centers do not have any requirement of printing any documents while some office computers are only used as workstations and not used for printing as well.
Organizations should look to invest in reliable endpoint security solutions on their servers and computers. This will prevent exploitation attempts of both known and unknown vulnerabilities like PrintNightmare. With remote working still being practiced by most organizations, companies need to have visibility on who has access to these computers and servers from remote locations as well.
Zero-trust cybersecurity measures may help detect any anomalies in the system or user behavior. Hence, more organizations should be looking towards their users and devices used in accessing data, be it on the cloud or on-premises.
20 January 2022
20 January 2022