Back navigationBack to articles

Microsoft’s security flaw update doesn’t fully fix the vulnerability

Meghan Ingraham
July 7, 2021
article-image

Yesterday, Microsoft users were alerted to a major flaw in the company’s operating system. The flaw impacts the Windows Print Spooler service and could potentially enable hackers to view and delete customer data.

Microsoft instructed all of its Windows users to install a protective software patch in response to the flaw. But today there’s news that the patch fails to fix the problem.

What happened

Researchers at the cybersecurity company Sangfor mistakenly published a tutorial on how to take advantage of it via Twitter. Windows 10 and 7 are both subject to this security flaw (it has a name: PrintNightmare).

Microsoft recently stopped supporting Windows 7 though they still issued an update for the retired operating system in order to counteract PrintNightmare.

Updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 are “expected soon,” the company said in a statement.” We recommend that you install these updates immediately.”

How these attacks could affect users

If users fail to update their Windows operating system, cyber attackers may be able to install programs and create new user accounts with full rights on affected devices.

Late last week, hackers tried to use an IT service called Synnex to gain access to customer applications within Microsoft’s cloud.

Since news of the attempted breach broke, Synnex’s stock plummeted down $3.37 to $117.50 in trading, which marks a record low for the company.

Other security breaches

Insiders have begun to speculate that this recent hack is related to the Kaseya ransomware attacks that have been going on since last Friday. IT solutions developer Kaseyam announced that it had experienced a cyberattack during Independence Day weekend.

It is estimated that somewhere between 800 to 1,500 small to medium-sized companies have fallen victim to similar breaches as of Wednesday. All of these attacks exploited a flaw in Kaseya’s system in order to leverage stolen data in exchange for ransom payments.

We do not know if this is related to the Kaseya ransomware attack to MSPs and some end customers,“ Michael Urban, Synnex’s president of worldwide technology solutions distribution, said in an emailed statement. ”That is part of the review. SYNNEX is not an MSP, and we have no relationship with Kaseya and do not use its systems.”

Microsoft made news on several different occasions earlier this year revealing other serious security flaws. A few months back, the data of thousands of Microsoft Exchange users were exposed as a result of four vulnerabilities in its software. These flaws enabled hackers to access their email and calendar services.

And last year, the National Security Agency notified the company about a flaw in its Windows operating system that could let hackers pose as legitimate software companies.

The patch fails to fix the flaw

According to Ars Technica, the patch is flawed but “still provides meaningful protection against many types of attacks that exploit the print spooler vulnerability.” No further updates are available.

Table of Contents

Share This Article

Related Stories