
Every version of Windows hit by "critical" security flaw

An attacker can install malware on all affected systems.
Written by Zack Whittaker on

Microsoft has patched a security vulnerability found in every supported version of Windows, which if exploited could allow an attacker to take over a system.

The software giant said in a bulletin posted Tuesday, as part of its monthly release of security fixes, that the "critical" flaw could let an attacker remotely install malware, which can be used to modify or delete data, or create new accounts with full user rights.

The "critical"-rated flaw affects Windows Vista and later -- including Windows Server 2008 and later.

Those who are logged in as an administrator, such as some home accounts and server users, are at the greatest risk.

An attacker could exploit the flaw by conducting a man-in-the-middle attack on a system or print server and injecting malicious code. That's possible because the print spooler service doesn't properly validate print drivers when installing a printer.

Nicolas Beauchesne, a security researcher at Vectra Networks, who was credited with finding the flaw, explained in a blog post how the flaw works.

"Normally, User Account Controls are in place to warn or prevent a user from installing a new driver. To make printing easier, an exception was created to avoid this control," he said. "So in the end, we have a mechanism that allows downloading executables from a shared drive, and run them as system on a workstation without generating any warning on the user side. From an attacker perspective, this is almost too good to be true, and of course we had to give it a try."

The end result was turning a printer into a "drive-by exploit kit," said Beauchesne, "where we can just wait for people to come get infected without any warning."

Microsoft said that a patch has corrected the issue, and is available for download through the usual Windows Update channels.
