Hackers are currently taking advantage of a serious bug in the Microsoft Windows print spooler. Don’t know what that is? That’s ok, just know that its on all Windows systems and it’s running all of the time by default.
Learn more about what’s going on in this short…
Transcript
News hit this week of a new windows, vulnerability, dubbed PrinterNightmare.
The print spooler is a system level service that’s responsible for managing print jobs.
[00:00:08] It takes in a request, loads the right drivers, it formats the print job, and then it schedules it.
Now the keys here is that this is a service that’s on by default and it’s always running. And it also runs as a system level service that regularly executes code.
It’s a perfect entry point for hackers.
[00:00:24] Now it’s a long weekend, which means things are always going to get worse.
And in this case, a researcher accidentally published the exploit code in a communications mix-up. Hackers are exploiting this technique right now.
There are two things you can do to defend yourself today.
[00:00:37] Use a network intrusion prevention system to stop the attack before it ever hits the affected server or disable the print spooler on systems that don’t need to print…like your entire server fleet outside of the print server itself.
Stay tuned as Microsoft is bound to issue an emergency patch on this one.
References
- Microsoft warns of Windows ‘PrintNightmare’ vulnerability that’s being actively exploited, from The Verge
- The Record with, “PoC exploit accidentally leaks for dangerous Windows PrintNightmare bug”
- The vulnerability details in the NVD