zero-day Archives

Windows is one of the most popular operating systems around and, as it’s a Microsoft product, you would like to think it’s safe. But this isn’t quite true.

As part of their January 2022 ‘Patch Tuesday’ report, Microsoft announced that 97 new security vulnerabilities had been discovered across its range of operating systems. And with an estimated 1 billion Windows PCs in use across the globe, this is very concerning. Any operating system, of course, is a highly complex piece of software. The sheer amount of coding required, to deliver high quality functionality, means that mistakes are inevitable. And then there are the hackers, individuals who are determined to find new and innovative ways to breach Windows.

What Were the Vulnerabilities?

Nine of the reported vulnerabilities were classed as critical by Microsoft, with the remaining 88 being classed as significant threats. Technical details are yet to be released, but it’s known that some of the critical vulnerabilities were associated with Microsoft Exchange Servers and the HTTP Protocol Stack. And, in particular, the HTTP Protocol Stack vulnerabilitiy is one which would allow hackers to allow remote code execution i.e. taking control of an affected PC from a remote connection.

Six of the vulnerabilities discovered have also been categorized as zero-day vulnerabilties. These affect a range of Windows background processes and, as they are classed as zero-day, it’s believed that they were known to hackers before Microsoft’s announcement. Collectively, the 97 vulnerabilities are believed to have impacted the security of major Microsoft applications including Excel, Word, Edge, Windows Defender and all manner of network tools. As a result, it’s believed that users of Windows 7, Windows 8, Windows 10, Windows 11, Windows Server 2019 and even Windows Server 2022 are all at risk.

How Can Windows Users Stay Safe?

Naturally, any user of Windows is likely to be very concerned after reading the above. But the good news is that Microsoft’s January 2022 patch addresses all of these vulnerabilities. Installing it, therefore, should be the number one priority for any PCs running Windows. And that will be nearly all of them. Unfortunately, for those running Windows Server 2019 and Server 2022, this patch was withdrawn due to bugs it was generating in these environments. Users of these operating systems should remain extra vigilant and ensure that automatic Windows updates are in place.

Final Thoughts

The last few months have been relatively poor for Microsoft when it comes to patching vulnerabilities. In September 2021, it was revealed that their patch for the ‘PrintNightmare’ flaw contained bugs which negatively affected numerous printers. And, now, it appears to be history repeating itself with Windows Server users left vulnerable to both security risks and buggy updates. These issues will, no doubt, be rectified quickly but, as ever, time is of the essence when it comes to PC security. Ultimately, installing each and every security update remains the very best practice for protecting your IT devices.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Windows Print Spooler Vulnerability Accidentally Leaked

Cyber Security, Microsoft, Network, Ophtek, patches, print spooler, zero-daymicrosoft, network, Ophtek, patch, print spooler, security, zero-dayOphtek, LLC

Jul 2021

If a hacker can find a software vulnerability, then it grants them easy access to a PC. This is even easier when a vulnerability is leaked by researchers.

Security researchers are constantly searching for software and hardware vulnerabilities. But where researchers and hackers differ is their intent. A security researcher wants to legitimately identify vulnerabilities so that they can be secured and lessons learned for the future. However, a Chinese technology firm by the name of Sangfor recently revealed details of an unknown Windows vulnerability in Print Spooler. And, unfortunately, Microsoft hadn’t managed to patch it.

What is a Zero-Day Vulnerability?

The type of vulnerability found in Print Spooler is known as a zero-day vulnerability. This name refers to the number of days a software vendor has had to patch a vulnerability and the percentage chance that a user has of being protected. And this is why zero-day vulnerabilities are so dangerous. There is no immediate protection available, so hackers are given free rein to cause widespread chaos.

What is the Print Spooler Vulnerability?

The design of the Print Spooler vulnerability – whose exploit code was listed within Sangfor’s paper – has the potential to cause numerous issues. The specifics of this exploit allow hackers to obtain full system access privileges. This is achieved by granting them permission to load malicious drivers into any servers containing this vulnerability. With full control of an IT network, hackers can then download further malware, steal data and operate infected workstations from a remote location. And, although a patch was recently released for vulnerabilities in Print Spooler, this particular exploit was not identified by Microsoft.

How Do You Protect Against Vulnerabilities?

As of the time of this article, Microsoft do not have a patch available for what has been dubbed the PrintNightmare vulnerability. This is concerning as it provides a significant amount of risk to Windows users. While it is certain that Microsoft will release a security patch, the fact remains that – as revealed by Microsoft – attacks using this exploit have already been identified. Therefore, you need to know how to protect your IT systems:

Disable Print Spooler: In the case of the PrintNightmare vulnerability, you can eliminate the risk is by temporarily disabling the print spooler. This does, however, remove the ability for your organization to print across its network.

Monitor Network Activity: If your IT system has been exploited through a vulnerability then it’s likely there will be an increase in network activity. This will be most visible in outgoing traffic as the hackers will likely be transmitting data to a remote server. An increase in data output to an unknown location should ring alarm bells and indicate that something is wrong.

Always Install Patches: The best way to secure your IT infrastructure is to install all patches as soon as they’re available. New vulnerabilities are discovered every day, so it’s vital that you treat any newly released patches as a priority. A swift approach to these relatively hassle-free installs can be the difference between a secure system and one which is breached.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Tag Archives: zero-day