Microsoft has released an out-of-band patch for the security flaw known as PrintNightmare that is under attack already and lets attackers take control of a PC.The PrintNightmare bug is being tracked as CVE-2021-1675 and CVE-2021-34527. It’s a critical bug in the Windows print spooler with exploit code in the public domain before Microsoft had a chance to release a patch for it. Admins were advised to disable the Print Spooler service until a patch was made available. 

The remote code execution vulnerability surfaces when the Windows Print Spooler service improperly performs privileged file operations, according to Microsoft. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” it warned in an advisory. SEE: Network security policy (TechRepublic Premium)Microsoft has now completed its investigation and released security updates to address the security bug.     “The security updates released on and after July 6, 2021 contain protections for a remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527, as well as for CVE-2021-1675,” Microsoft said. 

“We recommend that you install these updates immediately,” Microsoft said. The bug looks to be a serious concern at Microsoft, which has taken the rare step of releasing patches for Windows 7. That version of Windows reached the end of mainstream support on January 14, 2020. Very occasionally Microsoft releases patches for unsupported versions of Windows. It did that for Windows XP in 2017 after the WannaCry ransomware attacks, which were blamed on North Korean hackers. Windows 7 accounts for a smaller share of all Windows PCs out there today, but the numbers remained significantly large enough for Google to maintain Chrome support for Windows 7 until July 2021. SEE: Ransomware: Paying up won’t stop you from getting hit again, says cybersecurity chiefHowever, some versions of Windows will get patches at a later date. “Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012. Security updates for these versions of Windows will be released soon,” Microsoft noted. It’s also published queries that security teams who use Microsoft 365 Defender can use to hunt down exploits for the print spooler vulnerability.  More

<!–> ZDNET’s key takeaways The Chipolo Pop Tracker tag is small, durable, water-resistant, and loud. User-replaceable battery lasts a year. Like all third-party tags, they do not support Apple’s own precision finding. –> For me, finder tags like the Apple AirTags<!–> have been a game changer. And that’s not a word of hyperbole. They have […] More

Jason Hiner and Kerry Wan/ZDNETFollow ZDNET: Add us as a preferred source More

Grant Faint/Photodisc/Getty Images Follow ZDNET: Add us as a preferred source<!–> on Google. ZDNET’s key takeaways Europeans are moving away from US-based products and services. This is due to a loss of trust in American tech companies and the government. Open-source-based companies are benefiting the most.  Unlike any tech conference I’ve attended in the last […] More

GitHub has introduced a new scanning feature for protecting developers from accidental secret leaks.

On April 4, the Microsoft-owned code repository said the GitHub Advanced Security suite has now been upgraded with a new push protection feature to prevent the leak of secrets that could compromise organization-owned projects.GitHub Advanced Security is a licensed business product including code scanning, supply chain attack protection, and Dependabot alerts. The new feature is an optional check for developers to use during their workflows before a git push is accepted. As of now, the scan will only check for “highly identifiable patterns” of potential leaks based on the collaborative efforts of GitHub and partner organizations, including token issuers. There are 69 patterns in total that the tool will check for as potential indicators of secret leaks. In addition, over 100 different token types are checked. These include those issued by Alibaba Cloud, Amazon, AWS, Azure, npm, Slack, and Stripe.GitHub says that over 700,000 secrets across thousands of private repositories have been detected to date. If push protection is enabled, a scan will check for high-confidence leak patterns. If a pattern flags up, the push is blocked. According to the company, there has been a low false-positive rate during testing. “If a secret is identified, developers can review and remove the secrets from their code before pushing again,” GitHub explained. “In rare cases where immediate remediation doesn’t make sense, developers can move forward by resolving the secret as a false positive, test case, or real instance to fix later.” Open security alert cases are automatically generated if instances are selected as issues to be resolved after a push. The new feature can be enabled in the suite’s user interface or via the API. “By scanning for highly identifiable secrets before they are committed, we can, together, shift security to being proactive instead of reactive and prevent secrets from leaking altogether,” GitHub commented.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More