The Most Vulnerable Departments and Sectors to Phishing Attacks: Is Yours on the List?
With all this talk of increased cybersecurity measures and vulnerability to phishing attacks, you may be wondering: what are the most vulnerable...
1 min read
Megan Schutz July 7, 2021
As if printers weren’t already hell for IT, a new vulnerability has been disclosed on 6/29, and it affects all modern Windows devices with the printer spooler service running.
Here are the details from Microsoft — CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability.
In English: A vulnerability in the underlying Windows code involved in printing can be tricked to run a bad actors’ code with a high level of privilege that can do damage. The scary part is the exploitable code that facilitates printing runs all the time by default. On Windows Servers, this vulnerability can lead to your Active Directory being taken over and used against you to deploy malware/viruses.
7/13/2021 Update – Patch Tuesday includes KB5004237, which addresses a remote code execution exploit in the Windows Print Spooler service, known as “PrintNightmare”, as documented in CVE-2021-34527.
7/07/2021 Update – Microsoft has issued out-of-band security updates to address some of the flaws. We’re still waiting for a comprehensive security update that addresses the vulnerability in its entirety. Details: Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability.
The official advice is: stop your printer spooler service until Microsoft can get a security patch released. FYI, stopping that service stops all printing functionality. Not exactly a workable solution for businesses that need to print to function.
There are two alternatives to mitigate this vulnerability before the permanent solution from Microsoft is available.
Read more about mitigation and recent updates on the exploit here.
We acted and mass disabled spoolers on non-print servers and automatically applied the mitigation to print servers within hours of learning about this vulnerability on 6/29. We also created and deployed a monitor to detect exploitation across all clients to hedge our bets. We’re closely monitoring the situation and will push the security patch from Microsoft once it’s available and tested.
Please reach out if you have any questions.
With all this talk of increased cybersecurity measures and vulnerability to phishing attacks, you may be wondering: what are the most vulnerable...
We’re sharing the following information, hoping to prevent businesses from experiencing unnecessary IT issues that may cause frustrations, revenue...
Are you doing enough to protect your business and yourself from phishing attacks? If you think you aren’t likely to be a victim, we recommend...