Microsoft is patching the PrintNightmare vulnerability, following a botched disclosure of the zero-day exploit.
PrintNightmare is an exploit that targets the Windows Print Spooler. Researchers at Sangfor accidentally released the proof-of-concept code, mistakenly believing Microsoft had already patched the vulnerability, according to The Verge. Despite quickly deleting the code, it had already been forked and was in the wild. PrintNightmare allows an attacker to install programs, create new accounts with admin rights and modify data.
Microsoft has since announced the vulnerability is being actively exploited, and has said all version of Windows are impacted. In response to the situation, Microsoft has issued emergency patches, including to the now defunct Windows 7, indicating the severity of the vulnerability.
Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.
