On June 21, Microsoft reclassified the vulnerability as high risk, as it allows Remote Code Execution, or RCE, the industry's jargon for a flaw that allows hackers to take full control of a target's computer or server. To be clear, bugs that enable RCE can be very bad.
"I think Microsoft realized the flaw is critical, it's just that the issued patch didn't completely address the underlying vulnerability," said Joe Slowik, a security researcher and intelligence and detection lead at cybersecurity firm Gigamon. "This is concerning."
Microsoft did not immediately respond to a request for comment.
There appears to be a way for people who are worried about this to mitigate the risks. "The only mitigation we know currently is disabling the Print Spooler service, which of course has an unpleasant side effect of not being able to print via the server anymore," Mitja Kolsek, the CEO of ACROS Security and one of the researchers who has looked into this exploit, told Motherboard in an online chat.
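
The mitigation Kolsek describes can be checked and applied from an elevated PowerShell session on the server. The script below is an added example, not code from Microsoft, ACROS Security or the researchers quoted here; the function names `Get-SpoolerExposure` and `Disable-Spooler` are made up for illustration. It reports whether the host is a Domain Controller and whether Print Spooler is running or can still be started, then previews the change.

```powershell
# Added example: audit the Print Spooler service and optionally disable it.
# Assumes Windows PowerShell 5.0 or later, run as Administrator on the host.

function Get-SpoolerExposure {
    # "Spooler" is the service name of Print Spooler.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) { return $null }

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        IsDomainController = $role -in 4, 5
        Status             = $svc.Status
        StartType          = $svc.StartType
        # A stopped service that is not Disabled can still be started later.
        Exposed            = ($svc.Status -eq 'Running') -or
                             ($svc.StartType -ne 'Disabled')
    }
}

function Disable-Spooler {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        # -Force also stops services that depend on the spooler.
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        Set-Service  -Name Spooler -StartupType Disabled -ErrorAction Stop
    }
}

$state = Get-SpoolerExposure
if ($null -eq $state) {
    Write-Output 'Print Spooler service not found on this host.'
} else {
    $state | Format-List
    if ($state.Exposed) {
        # -WhatIf only previews the change; remove it to apply.
        Disable-Spooler -WhatIf
    }
}
```

Re-running `Get-SpoolerExposure` after the change should show `Status` as `Stopped`, `StartType` as `Disabled` and `Exposed` as `False`.
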
Slowik explained that Print Spooler, the Microsoft service wherein the flaw lies, "is enabled by default in Domain Controller installations, and many other Windows server configurations," mostly in enterprise environments. A Domain Controller is a type of Microsoft server that manages authentication requests.
Do you have more information about this vulnerability? We'd love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, lorenzofb on Wickr and Wire, or email lorenzofb@vice.com.