Microsoft fixes critical PrintNightmare bug

Microsoft has issued a fix for a critical bug dubbed PrintNightmare.

It says, external hackers are using the bug, accidentally disclosed by researchers.

It can help them "install programs; view, change, or delete data; or create new accounts with full user rights" remotely on all versions of Windows.

It affects the Windows Print Spooler, software that manages printing, controlling the order in which print jobs from computers in an office are put in a queue, for example.

But hours after the release of the fix, reports emerged that security researchers had found a way to bypass it. Microsoft told tech news site Bleeping Computer, external it was "aware of claims and are investigating" - but did not think the bypass worked on properly-secured systems.

Max Heinemeyer, of computer security firm Darktrace, told the BBC PrintNightmare was like, "a cyber bazooka - it is relatively easy for criminals to use and can be leveraged to make a huge impact".

He praised Microsoft for responding quickly and offering fixes, "even for products no longer under official support".

The fix, a patch, is available for systems as far back as Windows 7.

Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012 but would be "soon", Microsoft says, external.

But The Register noted:, external "The first two versions mentioned are five years old and could well be quite widely used."