(Techz.vn) According to BleepingComputer, the PrintNightmare vulnerability (CVE-2021-34527) affects all versions of Windows, allowing an attacker to hijack a server, view, change, delete data or create account (with full permissions) via remote code execution.
Specifically, PrintNightmare allows hackers to attack through Windows Print Spooler – a service on Windows that supports multiple users to access a printer. An attacker could exploit this vulnerability to install new programs, view or edit documents, and even create new accounts on the victim’s machine.
Microsoft confirmed the new vulnerability on July 1 and is investigating. The company acknowledged the security issue affects all versions of Windows and labeled the vulnerability “severe”. Although it announced that it will no longer release updates for Windows 7, Microsoft has also provided a patch for the 12-year-old OS. That shows more clearly the severity of the PrintNightmare error.
In the latest announcement, Microsoft said that the company will soon provide patches for Windows Server 2016, Windows 10, version 1607 and Windows Server 2012. “We recommend that you install these updates immediately. ie,” Microsoft said.
The fact that Windows has a serious security error occurs in the context of a wave of cyber attacks targeting many US companies. Previously, Microsoft’s platform and systems of software firms Intel and Cisco were compromised in the Solar Winds case at the end of 2020. This is considered one of the largest-scale cyberattack campaigns in the US. Hackers taking advantage of Soloar Winds software to infiltrate many systems have affected state and local governments as well as critical infrastructure and other private sector organizations. This software is used by many US government agencies.
In Vietnam, the National Cybersecurity Monitoring Center (NCSC) at the end of June warned of a vulnerability in Windows Print Spooler from the end of June. According to the Ministry of Information and Communications, agencies and organizations need to Check and review to identify potentially affected servers and workstations. If so, it is necessary to update the security patch according to Microsoft’s instructions, and have a plan to deal with when detecting signs of attack.