MS has just released a critical patch for all “supported” versions of Windows. It is an issue caused by insecure installment of printer drivers from bogus server sites (often “posing” as valid sites).
It turns out, in order to make Windows even easier to use for the low-information user, . . . MS disabled a built in security feature:
“This type of attack would be possible because the Windows Print Spooler server did not correctly validate print drivers when installing a printer from the server.”
“The remote code execution vulnerability would also have let a hacker view, edit, or delete data, install programs, or create new accounts with full user rights. It’s explained more in-depth in a blog post by Vectra Networks security researcher Nicolas Beauchesne, as discovered and reported by ZDNet.”
“Beauchesne explains how User Account Controls are typically used to warn users or prevent them from installing new a new printer driver. An exception was created in Windows to avoid this control so it would be easier to print.”
SO, bottom line: don’t procrastinate . . . install your patches/updates regularly (especially critical ones).