WINDOWS’ PRINT NIGHTMARE
Patch required after bug details appear online
IN MAY, RESEARCHERS uncovered a vulnerability in Windows that could enable hackers to access people’s printers. Unfortunately, they put the proof of concept online, so a potential threat became a real one. Apparently, they assumed that Microsoft had fixed the problem. Two bugs had been merged into one Microsoft security indicator, but only one had been fixed. The flaw enables hackers to remotely execute code with system level access. The Cybersecurity and Infrastructure Security Agency issued an emergency directive to federal agencies to disable the Windows Print Spooler or risk the compromise of the “entire identity infrastructure of a targeted organization.” Cue an emergency patch from Microsoft. The fix did cause a few printers to stop working, but it’s hardly unheard of for a patch to break something else. A new patch followed quickly. We think the lesson here is: Don’t assume Microsoft has fixed anything.