How to protect yourself from the new wave of attacks targeting the Windows Print spooler service
If you run Windows, this could mean that your computer has already been compromised. Now that two new security holes have been revealed in the Windows Print spooler service, Microsoft recommends that all users patch their systems immediately and disable the service if they’re not using it. While both flaws require attackers to be on the same local network as their targets, one of them can also be exploited remotely over the Internet.
The importance of Windows print services
The print spooler is a software component that is responsible for managing printer jobs. It’s responsible for receiving, storing and transmitting print jobs from applications such as Microsoft Word. If there are any flaws found in this system, it could allow for remote attacks and cyber-attacks on your computer. What can you do to protect yourself? The first step is to install updates in order to fix these critical flaws as soon as possible. You should also be wary of clicking on links or attachments in e-mails you receive because they may contain malware designed to exploit these vulnerabilities. Finally, always update your antivirus software so that it can detect and block any potential threats before they have a chance to infect your computer with malicious code.
The vulnerability of print services
It’s important to note that this vulnerability is not in Windows Server 2008 R2, but rather in all previous versions. In other words, this vulnerability is for everyone out there who has not yet upgraded their print server. And if you’re wondering how big an issue this could be, Microsoft had this to say: An attacker who successfully exploited this vulnerability could take complete control of an affected system by sending a specially crafted print job to the printer.
It should also be noted that while these flaws were found in recent versions of Windows Server 2003 and 2008 R2, they affect all previous versions as well. So if you’re one of those folks still running XP or Vista on your print servers (and there are quite a few), then it’s time to start getting nervous.
The attack
The critical flaws in Windows Print Spooler Service that could allow for remote attacks were discovered by a team of researchers at CyberArk. Microsoft has addressed these vulnerabilities with a security update and has urged users to install it as soon as possible. The vulnerability, which was assigned the identifier CVE-2017-0176, occurs when a specially crafted .PJL file is sent to an affected system. This will allow for remote code execution and could result in an attacker taking complete control over the system. With this level of access, an attacker can do anything they want with the system including stealing any data that is available on it.
Disabling unnecessary services (Windows)
Critical flaws in Windows Print spooler service could allow for remote attacks and Microsoft is warning users to disable this unused or unnecessary services. Simply follow these steps: 1) Press Windows key + R, type services.msc into the Run window, then press Enter 2) Scroll down until you see the Print Spooler service 3) Double click on it 4) Select Startup Type and change it from Automatic (Delayed Start) or Automatic (Delately Started by Service) to Manual 5) Click Apply followed by OK 6) Restart your computer 7) Open Task Manager 8 ) Right-click on Taskbar and select Task Manager 9) Under Services tab, scroll down until you see Print Spooler 10) Right-click it 11) Choose Stop 12) The service will be stopped 13) If a dialog box appears asking if you want to stop other system processes that depend on the print spooler (for example, other printing applications), answer No
Scanning your system
Scan your system for any critical flaws in the Windows Print Spooler Service that could allow for remote attack. Be sure to use a reputable scanning software with a long history of good ratings. Scanning will not only help you avoid these vulnerabilities, but also improve your computer’s performance. An analysis of the Windows print spooler service revealed critical security bugs, one of which has already been exploited by hackers.
The same group has used this technique before and are likely to do so again.
The other security vulnerability can be accessed through port 9100 on TCP/IP and is currently unfixed by Microsoft.
Be vigilant! If you notice any issues or discrepancies with your printer configuration, scan your system immediately!
What is a Microsoft anyway?
Microsoft is a multinational software company based in Redmond, Washington. It was founded by Bill Gates and Paul Allen on April 4th, 1975. The company develops computer software, personal computers, and mobile devices. Microsoft’s best known products are the Microsoft Windows operating systems and office suites such as Office 365. Its flagship hardware products are the Xbox One and Xbox 360 consoles, as well as the Surface tablet lineup. In 2012, it acquired Skype Technologies for $8.5 billion in its largest acquisition ever. In 2014, the company released two phones under the Nokia brand: the Nokia 215 with Internet browsing capabilities and low-end specifications; and the Nokia 220 which runs Series 30+ UI platform (a low end series of Symbian OS). These are targeted at emerging markets where smartphones are too expensive for many consumers.