Microsoft has fixed a security flaw that left all supported versions of its Windows operating system vulnerable to hackers.

Kelly Sheridan, Staff Editor, Dark Reading

July 14, 2016

3 Min Read
<p align="left">(Image: Nicolas McComber/iStockphoto)</p>

10 Career-Boosting Books For Your Summer Reading List

10 Career-Boosting Books For Your Summer Reading List


10 Career-Boosting Books For Your Summer Reading List (Click image for larger view and slideshow.)

Microsoft has addressed a critical vulnerability affecting every version of its Windows operating system.

The company announced a patch entitled "Security Update for Windows Print Spooler Components" on July 12. It confirmed this update was rated Critical for all supported releases of Windows.

If exploited, this vulnerability could have enabled a hacker to assume control over a system and execute a man-in-the-middle (MiTM) attack on a user's workstation or print server. The attacker could have also set up a rogue print server on a network.

[Read: HummingBad Malware Infects 85 Million Android Devices]

This type of attack would be possible because the Windows Print Spooler server did not correctly validate print drivers when installing a printer from the server.

The remote code execution vulnerability would also have let a hacker view, edit, or delete data, install programs, or create new accounts with full user rights. It's explained more in-depth in a blog post by Vectra Networks security researcher Nicolas Beauchesne, as discovered and reported by ZDNet.

Beauchesne explains how User Account Controls are typically used to warn users or prevent them from installing new a new printer driver. An exception was created in Windows to avoid this control so it would be easier to print.

"So in the end, we have a mechanism that allows downloading executables from a shared drive, and run[s] them as system on a workstation without generating any warning on the user side," Beauchesne wrote. "From an attacker perspective, this is almost too good to be true, and of course we had to give it a try."

The flaw affects all versions of Windows from Windows Vista and later, including Windows Server 2008. Microsoft notes this threat poses the biggest risk to users with administrative access, as opposed to those with fewer user rights.

Tuesday's update addresses the problem by correcting how the Windows Print spooler service writes to the file system, and issues a warning to users who attempt to install untrusted printer drivers. The patch is available via Windows Update.

Microsoft has adopted a tighter focus on security with the latest updates to its Windows OS, especially as it tries to get business customers to upgrade to Windows 10.

In March the company announced Windows Defender Advanced Threat Protection, a security boost designed for the enterprise that builds on safeguards already built into the OS. Some of the included protection includes Device Guard, Credential Guard, Windows Hello, and Passport.

Windows Hello leverages a biometric scanner to read a user's fingerprints, face, or iris to securely access applications and content without a password.

Passport lets users enter websites, networks, and apps without passwords after they are authenticated via biometric scanning.

Device Guard aims to eliminate zero-day attacks by scanning apps and blocking those that have not been signed by the Windows store, specific vendors, and the enterprise.

The goal of Advanced Threat Protection is to minimize the amount of time it takes for businesses to detect and contain security breaches. When an attack occurs, it provides key data such as: Who performed the attack, which devices were affected, and how the breaches are linked.

Business users will have access to these features when Microsoft launches the Windows 10 Anniversary Update on Aug. 2.

About the Author(s)

Kelly Sheridan

Staff Editor, Dark Reading

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights