Microsoft has released an out-of-band security update for most supported versions of Windows because of a critical vulnerability known as PrintNightmare. The vulnerability became public when a security research firm, Sangfor, accidentally published a proof-of-concept exploit for it.
It isn't uncommon for researchers and white hat hackers to search for exploits like these, but the findings aren't generally made public before a company has a chance to fix them. In this case, the vulnerability was first mentioned back in May, when Sangfor tweeted out that it would be presenting on its findings at the Black Hat CISO Summit.
The proof-of-concept was then mistakenly published and quickly removed, but not before it was republished elsewhere, including Microsoft's own GitHub. That effectively made the malicious code available to any would-be attackers. According to Microsoft's Security Response Center (MSRC), the exploit has been detected in the wild, meaning someone is trying to take advantage of it.
PrintNightmare affects the Windows Print Spooler, usually used to allow multiple computers to share a printer. In this case, however, the vulnerability could allow hackers to gain administrative control of a device, access data, and even install programs.
Microsoft described the issue this way:
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
That means that someone could gain full access to your computer, without your ever knowing until the damage was done.
Microsoft says that its fix "fully addresses the public vulnerability, and it also includes a new feature that allows customers to implement stronger protections." That said, at least one researcher says that the patch doesn't completely resolve the problem unless you also disable the "Point and Print" capability.
In an unusual move, Microsoft is releasing a patch for versions back to Windows 7 and Windows Server 2008, both of which are no longer officially supported or receiving regular security updates. In addition, updates are not yet available for Windows Server 2012 and Windows 10 version 1607, though the company says they are coming shortly.
To install the update and protect your PC on Windows 10, click on the Start Menu, and open Settings > Update & Security > Windows Update. The update should be listed as ready to download. Select Download Now, and follow the prompts to install the update.
Microsoft made this update cumulative, meaning that it includes previous updates that you may not have installed. That said, you should always enable security updates on your computer, to be sure that you are protected from the most recent threats.