Microsoft is warning Windows users to update their systems as soon as possible, taking the unusual step of releasing PrintNightmare security patches for even out-of-support versions of the OS. The potential hack, described as “critical” by Microsoft, is already believed to have been actively exploited in the wild.
The culprit, Microsoft says, is the Windows Front Spooler service. Normally that’s the part of Windows which manages printer jobs, including for networked computers. However, hackers have figured out a way to use it to install their own code on PCs.
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” Microsoft explains. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The existence of the vulnerability was revealed prematurely, after security researchers announced their discovery thinking that Microsoft had already pushed out a patch for the flaw. In fact, it turned out, that was an update for a different issue with the Windows Print Spooler. In the aftermath, Microsoft was left scrambling to ready a new fix.
The first part of that was pushed out earlier this week, with updates for a whole host of Windows systems including Windows 10 and Windows Server 2012. Now, Microsoft has followed that with a new release of further patches. “An update has now been released for all affected versions of Windows that are still in support,” the company says.
However, in reflection of just how serious this potential exploit is, Microsoft has also readied updates which will address it on out-of-support versions. That includes Windows 7, official security support for which ended in 2020.
Depending on what version of the OS your PC is running, you can access the security patch in different ways. The easiest, for consumers, is probably to use Windows Update. That may automatically be installing updates periodically, but you can access it manually and load the patch straight away instead.
“We recommend that you install these updates immediately,” Microsoft cautions.
Once the patch is installed, you should take a moment to check that the Windows registry has been updated appropriately. Microsoft explains what to look for:
In order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.):
NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
NoWarningNoElevationOnUpdate = 0 (DWORD) or not defined (default setting)
Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.
The new patches also include protections for CVE-2021-1675, the other Windows Print Spooler service exploit.