The security flaw, known as PrintNightmare, affects the Windows Print Spooler service. Researchers at the cybersecurity company Sangfor accidentally published a guide to exploiting it.
The researchers tweeted at the end of May that they had found vulnerabilities in Print Spooler, which gives more users access to a printer. They mistakenly published a proof-of-concept online and then deleted it – but not before it was published elsewhere on the web, including the developer’s website GitHub.
Windows 10 is not the only affected version – Windows 7, for which Microsoft ended support last year, is also vulnerable.
Despite announcing that they would no longer issue updates for Windows 7, Microsoft released an update for the 12-year-old operating system, emphasizing the severity of the PrintNightmare error. Updates for Windows Server 2016, Windows 10, version 1607 and Windows Server 2012 will be “expected soon”, it says.
“We recommend that you install these updates immediately,” the company said.
If there is any good news it is that the current security update is cumulative, which means that it also includes previous fixes for previous security issues.
This is the latest in a series of security alerts from Microsoft over the past year and a half. The company has been involved in security issues, including in 2020 when the National Security Agency notified Microsoft of a major flaw in the Windows operating system that could allow hackers to constitute legitimate software companies. And this year, hundreds of thousands of Exchange users were targeted after four vulnerabilities in the software allowed hackers to access servers for the popular email and calendar service. Microsoft was also the target of a devastating breach of SolarWinds.
In particular, Microsoft has not released an update for Windows 11. The latest operating system, which will be released soon, is currently available for beta testers. Windows 11 comes six years after Microsoft last revised the operating system with Windows 10, a major update that now runs on around 1.3 billion devices worldwide, according to CCS Insight.