Microsoft has addressed a critical vulnerability affecting every version of its Windows operating system.
The company announced a patch entitled "Security Update for Windows Print Spooler Components" on July 12. It confirmed this update was rated Critical for all supported releases of Windows.
If exploited, this vulnerability could have enabled a hacker to assume control over a system and execute a man-in-the-middle (MiTM) attack on a user's workstation or print server. The attacker could have also set up a rogue print server on a network.
This type of attack would be possible because the Windows Print Spooler server did not correctly validate print drivers when installing a printer from the server.
The remote code execution vulnerability would also have let a hacker view, edit, or delete data, install programs, or create new accounts with full user rights. It is explained in more depth in a blog post by Vectra Networks security researcher Nicolas Beauchesne, as discovered and reported by ZDNet.
Beauchesne explains that User Account Control is typically used to warn users about, or prevent them from, installing a new printer driver. An exception was created in Windows to bypass this control so that printing would be easier.
"So in the end, we have a mechanism that allows downloading executables from a shared drive, and run[s] them as system on a workstation without generating any warning on the user side," Beauchesne wrote. "From an attacker perspective, this is almost too good to be true, and of course we had to give it a try."
The flaw affects all versions of Windows from Windows Vista onward, including Windows Server 2008. Microsoft notes this threat poses the biggest risk to users with administrative access, as opposed to those with fewer user rights.
Tuesday's update addresses the problem by correcting how the Windows Print Spooler service writes to the file system and by issuing a warning to users who attempt to install untrusted printer drivers. The patch is available via Windows Update.
Microsoft has adopted a tighter focus on security with the latest updates to its Windows OS, especially as it tries to get business customers to upgrade to Windows 10.
In March the company announced Windows Defender Advanced Threat Protection, a security boost designed for the enterprise that builds on safeguards already built into the OS. The included protections include Device Guard, Credential Guard, Windows Hello, and Passport.
Windows Hello leverages a biometric scanner to read a user's fingerprints, face, or iris to securely access applications and content without a password.
Passport lets users enter websites, networks, and apps without passwords after they are authenticated via biometric scanning.
Device Guard aims to eliminate zero-day attacks by scanning apps and blocking those that have not been signed by the Windows Store, specific vendors, or the enterprise.
The goal of Advanced Threat Protection is to minimize the amount of time it takes for businesses to detect and contain security breaches. When an attack occurs, it provides key data such as who performed the attack, which devices were affected, and how the breaches are linked.
Business users will have access to these features when Microsoft launches the Windows 10 Anniversary Update on Aug. 2.