The PrintNightmare flaw, also identified as CVE-2021-34527, affects all versions of Windows, and targets Windows Print Spooler service, a process that manages access to printers from multiple users. It was revealed after researchers at cybersecurity firm Sangfor accidentally published guidance for exploiting the flaw.
The researchers had tweeted in May that they had found the vulnerability, but accidentally made the proof-of-concept available online. Although they quickly deleted it, it was shared elsewhere including on Microsoft-owned GitHub.
Hackers could use the loophole to install programs, view and delete data, and create new user accounts with administrator access. Microsoft has had to issue patches for Windows Server, Windows 10, Windows 8.1, and even Windows 7.
“We recommend you update your devices as soon as possible. The update is available on all release channels including Windows Update, Microsoft Update Catalog and Windows Server Update Services (WSUS)”, Microsoft wrote in a post about the issue.
Microsoft has not yet introduced a patch for Windows 11, although preview builds are currently available for the company’s upcoming operating system. The company says the new OS will be more secure than Windows 11, but many could have to buy entirely new systems to run it.
This is the latest in a series of security concerns for Windows this year. In March, Microsoft said that it had found major vulnerabilities in its Exchange Server tools, which is used to run email and calendars for many large companies.
Less than two weeks later a problem with the Adobe Type Manager Library, which collects fonts together, caused by a particular font meant the operating system could be taken over by hackers.
The threat was low in Windows 10 because Microsoft had added protections in that version of the operating system, but the bug was classed as “critical" – the highest-possible level of alert