Microsoft Corp. has issued an urgent advisory notice recommending that Windows users immediately install an update to fix a serious vulnerability.

The flaw, known as PrintNightmare, affects the Windows Print Spooler service. Attackers who can remotely execute the code can gain system-level privileges, including the ability to install software, modify or delete data and create administrative accounts that effectively give them full control of the computer or even a domain controller.

The vulnerability was revealed last week after researchers at security firm Sangfor Technologies Inc. accidentally published proof-of-concept code that showed how to exploit the flaw. Sangfor later deleted the instructions, but copies had already been posted elsewhere.

The vulnerability affects multiple versions of Windows, including Windows 10, Windows 7, Windows 8.1, Windows Server 2012 and Windows Server 2016. Microsoft recommends that the patch be installed immediately using the Windows Update service and that businesses disable the Print Spooler service until the fix can be applied to every PC on its network.

The company also took the unusual step of posting a patch for PCs running Windows 7, despite the fact that support for that 12-year-old OS ended 18 months ago. Microsoft says there are more than 1.3 billion devices currently running Windows 10.

The Sangfor team may have wrongly thought its proof-of-concept related to a Windows Print Spooler service vulnerability that had already been patched, but other researchers tested and found out it still worked, according to IT News. The code was posted to GitHub, a popular site with software developers, and quickly spread through social media.

The Print Spooler service, which was added to Windows in the mid-1990s, organizes print jobs on a user’s computer. It has been the source of numerous security woes, the most famous of which was the Stuxnet worm, which destroyed Iranian nuclear enrichment centrifuges and affected more than 45,000 networks around the world in 2010.

Windows has also been the target of several recent vulnerability reports, including a flaw in Windows Server revealed last fall that could allow attackers to gain domain administrative privileges and a bug in the way Windows handles encryption certificates that was revealed by the U. S. National Security Agency 18 months ago.

Photo: Microsoft Sweden on Flickr