A security flaw in Windows jeopardizes everything you print with your computer

0
30
1625546558 909490 1625546925 rrss normal.jpg
1625546558 909490 1625546925 rrss normal.jpg

The problem with the current IT infrastructures that we have in the world is that nobody knows for sure how many errors and critical security flaws are yet to be discovered, which gives hackers a huge advantage when it comes to acting, since they can do it over flaws that even the software makers don’t know exist. What does not stop being a reason for uncertainty when we navigate between pages of dubious legitimacy. And today’s is a sample of that since hidden behind the zero day failure label, a problem appears that we could all suffer if we cross the path of a cybercriminal who knows how to assault our computer thanks to PrintNightmare, which is like Both the US and Spanish authorities of the INCIBE have called this failure. Maximum danger It has been the Spanish INCIBE (National Cybersecurity Institute) itself that has considered that PrintNightmare is a level 5 problem and, therefore, critical. A 0day “remote code execution (RCE) vulnerability, which affects the Microsoft Windows Print Spooler service”, in all its versions, not only for Windows 10, which is the most popular, but also in others that directly affect the business environment . Through this security hole, an attacker who knows about this flaw could remotely execute code with sufficient privileges to manipulate our computer and take control of servers based on Microsoft software. Although at first the official recommendation was to “disable the Microsoft Windows Print Spooler service, specifically on domain controller (DC) and active directory (AD) systems”, in the last few hours a small step has been taken when it was discovered that this problem could be stopped “by restricting access control lists (ACLs), to make the exploit ineffective.” The iNCIBE recalls that “in the Microsoft security updates of June 2021 the vulnerability CVE-2021-1675 was corrected, which was initially classified as high severity and of type privilege escalation, but subsequent investigations have determined that the Print Spooler service does not correctly restrict access to the RpcAddPrinterDriverEx () function “, allowing a remote attacker to” execute arbitrary code with SYSTEM privileges “. This measure is a simple band-aid until Microsoft takes over the situation and chooses to publish a patch that completely closes any possibility of exploiting that hole in the future. So stay tuned for system updates in the coming days.

SEE ALSO  These are the four new features that WhatsApp has just added