Short Bytes: As part of its monthly update cycle, Microsoft has released security patches for all versions of the Windows operating system. This update addresses a critical flaw that lets an attacker launch man-in-the-middle attacks on workstations. The vulnerability arises because the print spooler service allows a user to install untrusted drivers with elevated privileges.
Microsoft released this patch and described the vulnerability and its severity in a post published as part of its monthly security fix release. Redmond called it a “critical flaw” that could allow an attacker to remotely install malware on a system, gaining the power to change or delete data.
An experienced hacker can also create new user accounts with elevated user rights. If you have a false sense of security just because you are running a newer version of Windows, note that all versions from Windows Vista onward are affected. Windows Server 2008 and later are not spared either.
How does this critical security flaw affect all versions of Windows?
Most organizations apply the principle of least privilege to the devices connected to their network. However, printers don’t work this way, as they need to support any device that connects to them. Because most organizations rarely standardize on a single printer, the multiple models within a single network make things risky.
By injecting malicious code, an attacker can launch a man-in-the-middle attack on a print server. This is possible because the print spooler service fails to validate drivers during the printer installation process.
To make printing easier, there’s a mechanism that lets one download drivers from a shared drive. If you are a hacker looking to kill some time, it’s a perfect scenario to deploy an attack, turning the printer into a “drive-by exploit kit”.
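A defender can check which driver files the spooler has already installed on a host and whether each one carries a valid signature. The PowerShell below is an added example, not code from Microsoft or Vectra Networks; the function name Get-PrinterDriverSignatureReport is hypothetical, and it assumes the PrintManagement module (Windows 8 / Server 2012 and later).

```powershell
# Added example (not from the article): list every file belonging to an
# installed printer driver and report its Authenticode signature status.
# Get-PrinterDriverSignatureReport is a hypothetical helper name.

function Get-PrinterDriverSignatureReport {
    [CmdletBinding()]
    param(
        # Wildcard filter applied to the driver name.
        [string]$Name = '*'
    )

    $drivers = Get-PrinterDriver | Where-Object { $_.Name -like $Name }

    foreach ($driver in $drivers) {
        # Every file the spooler loads for this driver, de-duplicated.
        $files = @($driver.DriverPath, $driver.ConfigFile, $driver.DataFile) +
                 @($driver.DependentFiles) |
                 Where-Object { $_ } | Sort-Object -Unique

        foreach ($file in $files) {
            $status = 'Missing'
            $signer = $null
            if (Test-Path -LiteralPath $file) {
                $sig    = Get-AuthenticodeSignature -LiteralPath $file
                $status = [string]$sig.Status
                if ($sig.SignerCertificate) {
                    $signer = $sig.SignerCertificate.Subject
                }
            }
            [pscustomobject]@{
                Driver      = $driver.Name
                Environment = $driver.PrinterEnvironment
                File        = $file
                Status      = $status
                Signer      = $signer
            }
        }
    }
}

# Show only the files that need a closer look.
Get-PrinterDriverSignatureReport |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Driver, File |
    Format-Table -AutoSize
```

Treat the output as a triage list: non-executable data files and files signed only through a security catalog may be reported as NotSigned, particularly on older PowerShell versions.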
Microsoft’s update fixes this flaw by:
- Changing the way the Windows Print Spooler service interacts with the file system.
- Showing a warning message to the users who try to install untrusted printer drivers.
This flaw was reported by Nicolas Beauchesne, a security researcher at Vectra Networks. Microsoft has released the updates, which can be downloaded through the usual Windows Update channel.