Microsoft’s latest security vulnerability could have a long-term impact on both business and consumer at a time when many across the world are already on high alert for disruptive cyber attacks. At a security firm, Sangfor researchers recently found a Windows vulnerability called PrintNightmare. This would allow hackers to remotely access the operating system, install the programs, create a new user account with full user rights, and view and delete data. The firm accidentally leaked details on how the flaw could be exploited by hackers and emphasised the Windows users to update their system immediately.
Microsoft is urging all Windows users to install an update that affects the Windows Print Spooler service. This service allows multiple users to access a printer. Microsoft has already rolled out fixes for Windows 7,8,10, and some server versions. Last year company ended support for Windows 7, so the push update to that software highlights the severity of the PrintNightmare flaw.
According to Michela Menting, a cybersecurity expert at ABI Research, Many Windows users don’t have remote access capabilities on their business, and home computers working remotely and connecting back to the office could be most affected. According to market research firm CCS Insight, Windows 10 runs on about 1.3 billion devices worldwide, so the reach of vulnerability is huge. “This is a big deal because Windows 10 is the most popular desktop OS out there with over 75% market share,” Menting said.
Since Windows computer is used by Desktop Computers as well as some servers, it could potentially enable hackers to gain access to a network “very quickly” and get in “practically anywhere to find the most lucrative databases and systems,” Menting said.
Steps to download the patch –
- Visit the Settings page
- Select the Update & Security option
- Select Windows update
- Or visit the Microsoft website to download the new software.
One user on Twitter showed how the emergency update isn’t entirely effective, leaving space for potential actors to exploit the vulnerability still. There was no immediate response from Microsoft on this Tweet. This incident reminds consumers and businesses to keep updating software regularly.