Microsoft warns Windows users of unpatched critical bug

Microsoft has warned Windows users of an unpatched critical vulnerability that can help hackers install malicious programmes and access key data on their systems.

The critical flaw is present in the Windows Print Spooler service and is nicknamed 'PrintNightmare'.

The US national cyber agency has also admitted that the attacker can exploit 'PrintNightmare' to take control of an affected system.

"Microsoft is aware of and investigating a remote code execution vulnerability that affects Windows Print Spooler and has assigned CVE-2021-34527 to this vulnerability. This is an evolving situation," the company said in an update on Thursday.

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.

"An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft warned.

Microsoft said, "The code that contains the vulnerability is in all versions of Windows".

The Print Spooler service runs by default on Windows, including on client versions of the OS, Domain Controllers, and many Windows Server instances.

Vulnerabilities in the Windows Print Spooler service have been a headache for system administrators for years.