Microsoft has warned users of a new, unpatched Windows flaw that could allow attackers to execute code with system-level privileges remotely.
Dubbed ‘PrintNightmare,’ the security flaw exists within the Windows Print Spooler service, which helps handle printing jobs. Security researchers apparently revealed the flaw accidentally.
According to The Verge, researchers at Sangfor published a proof-of-concept for the exploit and later removed it, but it had already been forked on GitHub. The group planned to detail multiple 0-day vulnerabilities in the Windows Print Spooler service at the annual Black Hat security conference later this month. However, it seems the researchers thought Microsoft patched the vulnerability after the company published patches for a different Windows Print Spooler flaw.
BleepingComputer reported that Microsoft published mitigation guidance to help users reduce the threat of the flaw. Microsoft notes that the security exploit impacts all versions of Windows, but the company is still investigating if the vulnerability can be exploited on all Windows versions. Further, Microsoft says attackers are actively exploiting PrintNightmare.
There are currently no patches that fix the PrintNightmare exploit, but Microsoft is working on a fix. Until then, there are a few mitigation options Microsoft suggested. First, users can disable the Print Spooler service to remove printing capability locally and remotely. Alternatively, users can disable inbound remote printing through Group Policy. That would block inbound remote printing operations and should prevent remote attacks using the exploit.
Those interested in using either of the workarounds can find instructions on how to implement them here.