Windows hit by 'PrintNightmare' exploit — what you need to know
A newly-discovered vulnerability could enable ransomware attacks on your PC
Windows users, take note: A new vulnerability has been discovered across multiple versions of the PC operating system that could enable significant exploits, such as remote attackers gaining access to your computer and modifying your data.
Called “PrintNightmare,” the exploit takes advantage of a security vulnerability found within the Windows Print Spooler service, which helps your PC manage the flow of print jobs being sent to a printer or print server.
- Best Windows 10 antivirus software
- Bitdefender vs. Kaspersky: Which antivirus is better?
- Plus: Windows 11 updates are taking cues from macOS — what that’s good
While the Print Spooler is the source of the issue, the potential consequences go well behind printing.
According to Microsoft, which released “PrintNightmare” mitigation strategies yesterday (July 1), attackers could use the vulnerability to gain system-level access and remotely install programs on your PC, modify or delete data, or create new accounts with full user rights. Such techniques could be used for ransomware attacks, for example.
Microsoft’s exploit acknowledgement page lists a wide array of Windows versions, including the current Windows 10 but also Windows 7, Windows 8.1, and various renditions of Windows Server. The company says that the vulnerability is already being actively exploited.
Microsoft has not yet patched the exploit, but recommends installing the latest security update from June anyway, along with disabling the Print Spooler service or disabling inbound remote printing through Windows’ Group Policy infrastructure. Microsoft has not yet rated the severity of the exploit, but the potential consequences of the attack are very serious indeed.
According to ITNews, news of the exploit may have been released prematurely. Hong Kong-based security group Sangfor Technologies planned to detail Windows Print Spooler zero-day exploits at the upcoming Black Hat USA conference and published the proof-of-concept exploit online. The firm then removed it after realizing that the exploit was still active, but the code had already been copied.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Often, security firms share these discovered exploits with the software maker to ensure that they can be patched out before details are shared with the public. In this case, however, the exploit proof-of-concept may have been published prematurely or there may have been a miscommunication between the group and Microsoft.
This isn’t the first time that Windows Print Spooler has been exploited with disastrous results. The Stuxnet worm, discovered in 2010, similarly exploited a vulnerability in the service and wreaked havoc on Iran’s nuclear facilities before spreading elsewhere around the world.
Andrew Hayward is a freelance writer for Tom’s Guide who contributes laptop and other hardware reviews. He’s also the Culture Editor at crypto publication Decrypt covering the world of Web3. Andrew’s writing on games and tech has been published in more than 100 publications since 2006, including Rolling Stone, Vice, Polygon, Playboy, Stuff, and GamesRadar.