Windows 'Critical' Security Flaw Hits All Versions Of OS - InformationWeek

7/14/2016
02:05 PM

Windows 'Critical' Security Flaw Hits All Versions Of OS

Microsoft has fixed a security flaw that left all supported versions of its Windows operating system vulnerable to hackers.


Microsoft has addressed a critical vulnerability affecting every version of its Windows operating system.

The company announced a patch entitled "Security Update for Windows Print Spooler Components" on July 12. It confirmed this update was rated Critical for all supported releases of Windows.

If exploited, this vulnerability could have enabled a hacker to assume control over a system and execute a man-in-the-middle (MiTM) attack on a user's workstation or print server. The attacker could have also set up a rogue print server on a network.


This type of attack would be possible because the Windows Print Spooler server did not correctly validate print drivers when installing a printer from the server.

The remote code execution vulnerability would also have let a hacker view, edit, or delete data, install programs, or create new accounts with full user rights. It is explained in more depth in a blog post by Vectra Networks security researcher Nicolas Beauchesne, as discovered and reported by ZDNet.

Beauchesne explains how User Account Controls are typically used to warn users or prevent them from installing a new printer driver. An exception was created in Windows to avoid this control so it would be easier to print.

"So in the end, we have a mechanism that allows downloading executables from a shared drive, and run[s] them as system on a workstation without generating any warning on the user side," Beauchesne wrote. "From an attacker perspective, this is almost too good to be true, and of course we had to give it a try."

The flaw affects all versions of Windows from Windows Vista and later, including Windows Server 2008. Microsoft notes this threat poses the biggest risk to users with administrative access, as opposed to those with fewer user rights.

Tuesday's update addresses the problem by correcting how the Windows Print Spooler service writes to the file system, and by issuing a warning to users who attempt to install untrusted printer drivers. The patch is available via Windows Update.

(Image: Nicolas McComber/iStockphoto)


Microsoft has adopted a tighter focus on security with the latest updates to its Windows OS, especially as it tries to get business customers to upgrade to Windows 10.

In March the company announced Windows Defender Advanced Threat Protection, a security boost designed for the enterprise that builds on safeguards already built into the OS. The included protections include Device Guard, Credential Guard, Windows Hello, and Passport.

Windows Hello leverages a biometric scanner to read a user's fingerprints, face, or iris to securely access applications and content without a password.

Passport lets users enter websites, networks, and apps without passwords after they are authenticated via biometric scanning.

Device Guard aims to eliminate zero-day attacks by scanning apps and blocking those that have not been signed by the Windows Store, specific vendors, or the enterprise.

The goal of Advanced Threat Protection is to minimize the amount of time it takes for businesses to detect and contain security breaches. When an attack occurs, it provides key data such as who performed the attack, which devices were affected, and how the breaches are linked.

Business users will have access to these features when Microsoft launches the Windows 10 Anniversary Update on Aug. 2.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
