MS – Critical Patch Release – All Versions

MS-HQ

MS has just released a critical patch for all “supported” versions of Windows.    It is an issue caused by insecure installment of printer drivers from bogus server sites (often “posing” as valid sites).

It turns out, in order to make Windows even easier to use for the low-information user, . . . MS disabled a built in security feature:

“This type of attack would be possible because the Windows Print Spooler server did not correctly validate print drivers when installing a printer from the server.”

“The remote code execution vulnerability would also have let a hacker view, edit, or delete data, install programs, or create new accounts with full user rights. It’s explained more in-depth in a blog post by Vectra Networks security researcher Nicolas Beauchesne, as discovered and reported by ZDNet.”

“Beauchesne explains how User Account Controls are typically used to warn users or prevent them from installing new a new printer driver. An exception was created in Windows to avoid this control so it would be easier to print.”

Info Week Article

SO, bottom line:   don’t procrastinate . . . install your patches/updates regularly (especially critical ones).

Save

Save

Save

Save

Save

One thought on “MS – Critical Patch Release – All Versions”

  1. Reading the article I found “The company announced a patch entitled “Security Update for Windows Print Spooler Components” on July 12. It confirmed this update was rated Critical for all supported releases of Windows.”
    So I checked my latest updates done on July 12. Nothing with that name. Hummm . . .
    Looking back at the Info Week Article – I found a table showing this “Windows 10 Version 1511 for x64-based Systems [2] (3172985)”
    Looked for that number and found my update was titled “Cumulative Update for Windows 10 Version 1511 for x64-based System KB3172985” which installed 12 July 2016.

    My machine has successfully installed all Win10 updates thus far. Fingers crossed for future ones.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.