Businesses Warned of a PrintNightmare
Posted by: GuidePoint Security
Published: July 8, 2021, 11:54am
Microsoft is warning of a new zero-day exploit impacting the Print Spooler and affecting all Windows versions. It appears that the technical details for this new vulnerability (CVE-2021-34527) were accidentally leaked in confusion with another bug (CVE-2021-1675), which is also related to the Print Spooler. Researchers who exposed this newest vulnerability discovered that the CVE-2021-1675 fix was actually incomplete and could allow additional attacks. They dubbed the vulnerability PrintNightmare. This added vulnerability involves the RpcAddPrinterDriverEx() function, enabling an attacker to execute code on a compromised PC, and then install programs, create new accounts, and change data. While patches for CVE-2021-1675 have been issued, additional fixes for this new vulnerability are not yet available. Microsoft indicated that it has detected active exploitation of the newest vulnerability.
Next Steps
This vulnerability is considered extremely serious by security researchers. Both Microsoft and CISA are encouraging IT and security administrators to disable the Windows print spooler. With the print spooler disabled, the affected computer will no longer be able to operate as a print server, although local printing with an attached printer would still be available.
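The following PowerShell is an added example, not code from GuidePoint Security or Microsoft, showing one way to audit the Print Spooler service and disable it as recommended above. The function name `Disable-PrintSpooler` and its parameters are hypothetical; it relies on the standard `Win32_Service` CIM class, needs administrative rights, and assumes WinRM is reachable for any remote hosts.

```powershell
# Added example: report the Print Spooler state and optionally disable it.
# Disable-PrintSpooler and its parameters are hypothetical names for this sketch.
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [switch]$Disable   # without this switch the function only reports
    )
    foreach ($computer in $ComputerName) {
        # Query locally without WinRM; use -ComputerName only for remote hosts.
        $query = @{ ClassName = 'Win32_Service'; Filter = "Name='Spooler'"; ErrorAction = 'Stop' }
        if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
        try {
            $svc = Get-CimInstance @query
        } catch {
            Write-Warning "$computer : query failed: $($_.Exception.Message)"
            continue
        }
        if (-not $svc) { Write-Warning "$computer : Spooler service not found"; continue }

        if ($Disable -and $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
            if ($svc.State -ne 'Stopped') {
                # A non-zero return value means the stop request was not accepted.
                $r = Invoke-CimMethod -InputObject $svc -MethodName StopService
                if ($r.ReturnValue -ne 0) {
                    Write-Warning "$computer : StopService returned $($r.ReturnValue)"
                }
            }
            # Disabling the start mode keeps the service down across reboots.
            $r = Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode `
                     -Arguments @{ StartMode = 'Disabled' }
            if ($r.ReturnValue -ne 0) {
                Write-Warning "$computer : ChangeStartMode returned $($r.ReturnValue)"
            }
            $svc = Get-CimInstance @query   # re-read so the report shows the new state
        }
        [pscustomobject]@{
            ComputerName  = $computer
            State         = $svc.State
            StartMode     = $svc.StartMode
            SpoolerActive = ($svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Disabled')
        }
    }
}

# Report only:          Disable-PrintSpooler
# Preview the change:   Disable-PrintSpooler -Disable -WhatIf
```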
Microsoft’s next Patch Tuesday is scheduled for Tuesday, July 13. It is unclear whether a patch for PrintNightmare will be issued at this time. In addition, GuidePoint Security advises businesses to engage vulnerability management as a service (VMaaS) to help manage the plethora of vulnerabilities and zero-days. Professional penetration testing can also assist organizations in better understanding and identifying vulnerabilities in an enterprise system.