Microsoft has found yet another security flaw in its PrintSpooler service that allows Windows to print documents. The total tally of flaws now sits at three.
The first one was addressed in a June security update, only for another one to be discovered called 'PrintNightmare' which affected every version of Windows and the company put out a patch that partially fixed the issue. Now a third flaw has been discovered which leaves Windows unable to print documents.
"An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," Microsoft revealed in a post.
"An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
This means anyone who gains access to System privileges through this bug can potentially run malicious code on a system without the user knowing about it. Windows has said that this hasn't been exploited yet but now that it has been disclosed, it is likely that threat actors will look to take advantage.
Microsoft hasn't disclosed the versions of Windows this affects but has categorically said that this flaw can only be used if the threat actor already has permissions or the ability to execute malicious code on the system. The only workaround so far is to disable the service altogether, which would leave you unable to print documents.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
