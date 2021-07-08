



Microsoft has released an out-of-band security update for most supported versions of Windows due to a critical vulnerability called PrintNightmare. This exploit was published by security research firm Sangfor. The company mistakenly published a proof of concept for this exploit.

It’s not uncommon for researchers and white hat hackers to search for such exploits, but the findings aren’t publicly available before companies fix them. In this case, the vulnerability was first mentioned in May when Sangfor tweeted that it would announce the findings of the Black Hat CISO Summit.

The proof of concept was then accidentally published and quickly removed, but not before it was republished elsewhere, including Microsoft’s own GitHub. This allows anyone who could be an attacker to effectively use malicious code. According to Microsoft’s Security Response Center (MSRC), the exploit is actually detected and means someone is trying to take advantage of it.

PrintNightmare affects the Windows print spooler that is typically used to allow multiple computers to share a single computer. However, in this case, the vulnerability could allow a hacker to gain control over the device, access data, or install programs.

Microsoft described this issue as follows:

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could execute arbitrary code with SYSTEM privileges. An attacker could then install the program. View, modify, or delete data. Alternatively, create a new account with full user privileges.

This means that someone could have full access to your computer without your knowledge until the damage occurs.

According to Microsoft, the fix “also includes new features that fully address common vulnerabilities and allow customers to implement stronger protections.” That said, at least one researcher has stated that the fix does not completely fix the problem unless the “point and print” feature is also disabled.

As a rare move, Microsoft has released a patch that reverts to Windows 7 and Windows Server 2008. Neither is officially supported or you receive regular security updates. In addition, updates for Windows Server 2012 and Windows 10, 1607 are not yet available, but the company says it will be released soon.

To install updates to protect your PC in Windows 10[スタート]Click on the menu[設定]>[更新とセキュリティ]>[WindowsUpdate]Open. The update should be listed as ready for download.[今すぐダウンロード]Select and follow the prompts to install the update.

Microsoft has created this update cumulatively. That is, it contains previous updates that you may not have installed. However, you should always enable security updates on your computer to ensure protection from the latest threats.

