— UPDATE JULY 6, 2021 —
From Microsoft: Microsoft has completed the investigation and has released security updates to address this vulnerability. Read More. The ISG Security Team will begin testing the implementation of this patch and report back on our findings via this post.
— ORIGINAL POST, JULY 2, 2021 —
If you’ve found your way to this article, you must know that there is a new Microsoft vulnerability called “PrintNightmare” that could allow bad actors to wreak havoc on your network and your business. This article is to let you know what “PrintNightmare” is and what you should be doing about it to protect your organization.
What is PrintNightmare?
This Forbes article summed it up best by stating,
“PrintNightmare is the name that has been attached to a zero-day vulnerability impacting the Windows print spooler. A vulnerability that can ultimately, it would appear, lead to an attacker taking remote control of an affected system.”
What’s unique about this particular vulnerability is that Microsoft rated it only “important” when the first patch was released on June 8th, then escalated it to “critical” on June 21st when it was found to enable remote code execution.
Security researchers working on this vulnerability had found it, published their findings, and inadvertently exposed this Windows zero-day. As of July 2nd, there is no patch for this vulnerability.
Why does it matter?
Reason #1: The sheer volume of devices affected by the threat – this impacts EVERY supported Windows OS version in the wild, which essentially just made it hunting season for cybercriminals.
Reason #2: Print spooler is an essential function for almost all businesses and devices. Some people are recommending stopping the Print Spooler service across the entire organization, which is impractical in most cases.
Reason #3: The damage that can be done is significant. According to Microsoft’s update yesterday, “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
What should you do?
Stay Tuned for the Patch
Several days into this, Microsoft has not commented on the problem, and a patch for this vulnerability has not been released. But we’re sure they have all hands on deck (Happy 4th of July weekend, Microsoft Team). ISG’s security team is monitoring the top security forums, chats and Microsoft, and working with our security partners to identify solutions.
Explore Stop-Gap Solutions
Some security professionals are suggesting stopping the print spooler service across the entire organization. This may or may not be right for your company. For most businesses, this is not a great option. There are a number of workarounds being discussed online. ISG has implemented a stop-gap solution that mitigates risk for ISG and our clients.
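As an added example (not from the original article, and not ISG's stop-gap, which the article does not describe), the PowerShell sketch below audits where the Print Spooler service is running before anything is disabled, so the service can be stopped selectively rather than across the entire organization. The `hosts.txt` inventory file, the use of WinRM remoting, and the policy of targeting only servers that share no printers are all assumptions.

```powershell
# Added example: audit-first Print Spooler stop-gap (not code from the article).
# Assumptions: hosts.txt (hypothetical) lists one computer name per line,
# WinRM remoting is enabled, and the caller is a local administrator on each host.
param(
    [string]$HostList = '.\hosts.txt',  # hypothetical inventory file
    [switch]$Enforce                    # report only unless this switch is set
)

# Runs on each remote host: Spooler state, OS role, and number of shared printers.
$audit = {
    $svc = Get-Service -Name Spooler
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    # Get-Printer needs a running spooler; a failure is counted as "no printers".
    $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object { $_.Shared })
    [pscustomobject]@{
        Status         = [string]$svc.Status
        StartType      = [string]$svc.StartType
        ProductType    = [int]$os.ProductType   # 1 = workstation, 2 = DC, 3 = server
        SharedPrinters = $shared.Count
    }
}

$report = foreach ($computer in Get-Content -Path $HostList) {
    try {
        Invoke-Command -ComputerName $computer -ScriptBlock $audit -ErrorAction Stop |
            Select-Object PSComputerName, Status, StartType, ProductType, SharedPrinters
    } catch {
        Write-Warning "$computer could not be audited: $($_.Exception.Message)"
    }
}
$report | Format-Table -AutoSize | Out-Host

# Assumed policy: servers and domain controllers that share no printers do not
# need the spooler. Workstations and print servers are left alone.
$candidates = @($report | Where-Object {
    $_.ProductType -ne 1 -and $_.SharedPrinters -eq 0 -and $_.StartType -ne 'Disabled'
})
Write-Host "$($candidates.Count) host(s) match the disable policy."

if ($Enforce) {
    foreach ($c in $candidates) {
        Invoke-Command -ComputerName $c.PSComputerName -ScriptBlock {
            Stop-Service -Name Spooler -Force
            Set-Service -Name Spooler -StartupType Disabled
        }
        Write-Host "Spooler stopped and disabled on $($c.PSComputerName)"
    }
}
```

Run it without `-Enforce` first and review the table. Once a patch has been applied and tested, the change is reversed with `Set-Service -Name Spooler -StartupType Automatic` followed by `Start-Service -Name Spooler`.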
Reinforce Employee Security Awareness
Cybercriminals need a way into your network before they can exploit this vulnerability, and 90% of security breaches happen via email. So… you should reinforce to your employees how important their role is in the security of the organization. Here’s what we reminded our employees (and yes, we used big, bold, all-caps letters):
- DO NOT OPEN ATTACHMENTS you weren’t expecting
- DO NOT CLICK ON LINKS you don’t know are safe
- DO NOT PROVIDE PERSONAL OR CONFIDENTIAL INFORMATION at the request of an email or phone call you receive.
If you need help…
Contact Your Trusted IT Service Provider
If you are unsure of what to do for your organization, reach out to an IT service provider. ISG would be happy to help you navigate the situation. We have already taken steps to mitigate our risk, are continuing conversations with our strategic security partners about mitigation strategies, and are on the lookout for the patch from Microsoft.
Stay tuned for more information or contact ISG today.