Microsoft issues emergency Windows patch to fix critical ‘PrintNightmare’ vulnerability
Microsoft has started rolling out an emergency Windows patch to address a critical flaw in the Windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was revealed last week, after security researchers accidentally published proof-of-concept (PoC) exploit code. Microsoft has issued out-of-band security updates to address the flaw, and has rated it as critical as attackers can remotely execute code with system-level privileges on affected machines.
As the Print Spooler service runs by default on Windows, Microsoft has had to issue patches for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, and a variety of supported versions of Windows 10. Microsoft has even taken the unusual step of issuing patches for Windows 7, which officially went out of support last year. Microsoft has not yet issued patches for Windows Server 2012, Windows Server 2016, and Windows 10 Version 1607, though. Microsoft says “security updates for these versions of Windows will be released soon.”
It took Microsoft a couple of days to issue an alert about a 0-day affecting all supported versions of Windows. The PrintNightmare vulnerability allows attackers to use remote code execution, so bad actors could potentially install programs, modify data, and create new accounts with full admin rights.
“We recommend that you install these updates immediately,” says Microsoft. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”
Apple releases first macOS ‘Monterey’ public preview
Apple last week released the first public beta of this year’s macOS upgrade, “Monterey.”
Unlike in 2020, this time Apple met its self-imposed deadline, releasing the beta July 1. Last year, Apple declared it would issue a public beta for “Big Sur” in July but didn’t come through until August.
To obtain the preview, Mac users must enroll with Apple’s beta program — Apple ID required — then install the upgrade (using About this Mac > Software Update from the Apple menu).
As usual, Apple warned customers against installing the Monterey beta on production Macs. “We strongly recommend installing beta software on a secondary system or device, or on a secondary partition on your Mac,” the firm said in a FAQ about the program. Apple also urged users to back up their Macs before installing the preview.
To leave the beta and return to the previously run OS, customers must unenroll a Mac from the beta program and then restore the production-grade operating system using the backup. Alternately, users can unenroll the Mac from the beta program, which freezes the system at the current preview. Then, once Apple releases the final code for Monterey, they can retrieve it from the Mac App Store and install it over the beta.
The first Monterey public beta launched right in the middle of Apple’s historical timeline. During the past six macOS/OS X updates’ summer previews, five of them — from 2015’s El Capitan to 2019’s Catalina — were released between June 24 and July 9. Last year’s Big Sur was the outlier, with an Aug. 6 debut.
The span between the first public beta and the final release ranged from 75 days (Sierra) to 105 days (El Capitan), with the average running slightly more than 89 days. Big Sur took 98 days from first preview to stable code.
Slack relieves the 'huddle' audio chat feature
As businesses eye a return to the office, many are settling on a mixed approach to remote and in-office work. For those outside of the workplace, this creates challenges in re-creating serendipitous and ad-hoc interactions — the digital equivalent of a tap on a colleague’s shoulder, or watercooler chat.
With the launch today of Slack Huddles — first discussed as a prototype last October — Slack hopes to lower the barrier to start conversations in its app with “audio-first” meetings reminiscent of Clubhouse, Discord and other voice-based tools.
Slack Huddles provides a more casual and informal approach to meetings that video apps tend to lack, Slack CEO Stewart Butterfield said in a presentation Monday. “Just like email is not a great means to base all of your internal communication on, the formats that we have for meetings — blocks of 30 minutes, everyone in the conference room, or a screen of little rectangles and video feeds of people’s faces — that can’t possibly be it,” he said.
“[It means] moving from a world where meetings have to be structured, to where they can be more ad hoc and spontaneously emerge and get some of that serendipity back in the conversations," he said.
Slack users can start an audio meeting with colleagues in either channel conversations or with direct messages by clicking a “headphones” icon in the left-hand sidebar. Once started, participants can share their screen to discuss a shared document, for instance. It’s also possible to start an audio chat room with external participants, Slack said.
“[Slack Huddles] provides Clubhouse-like functionality inside of chat rooms and allows it to better compete with alternatives like Discord,” said Irwin Lazar, president and principal analyst at research and advisory firm Metrigy.
However, he expects Slack Huddles to be more of a niche feature, “as most Slack customers already have a meeting app that they've integrated into Slack” such as Google Meet or Zoom, for example. “Slack will need to educate customers on when it makes sense to use Slack Huddles versus other meeting apps (or Slack's own video meeting capabilities),” Lazar said.