There is a warning going for Windows users about Print Nightmare, a defect in Window Print Spooler Service. It was already discovered a few days back.
With a misunderstanding between researchers and Microsoft, they mistakenly uploaded POC (proof of concept) confirming it. They deleted it afterward but unfortunately, GitHub had already noticed it. After the company publishes about new Windows Print Spooler defect, researchers thought that Microsoft has already dealt with it making them posting POC.
Researchers are also planning to give detailed information about the same at Annual Black Hat Security Conference. After it spread, Microsoft issued an alert among users about how it is being actively improperly used.
It permits attackers to execute code along with system-level privileges making it critical and important to solve. It helps attackers to use code so that they can install programs, create new accounts and even modify data having full admin rights.
According to Microsoft, it is present in all versions of window. The Print Spooler Service runs by default on Windows including Shopper Variations of the OS, Domain Controllers, and Window Server situations.
Microsoft is still finding a way to solve it. Till the time, it is disabling either the Windows Print Spooler Services or remote printing through Group Policy. “They should disable the Windows Print Spooler Service in Domain Controllers and the system that doesn’t print.” As recommend by Cybersecurity and Infrastructure Security Agency (CISA)
This is not the first time that there is a problem with Windows Print Spooler Service. It is problem for the company over the years. A well-known example is Stuxnet Virus which even destroys Iranian Nuclear Centrifuges.
