888.624.6737

syse-blog-header

SECURITY ALERT: Windows Print Spooler Vulnerability - PrintNightmare

July 01, 2021 | Posted in:

Security Bulletins & Alerts

UPDATE: July 7, 2021

As of July 6th, Microsoft has completed investigations and released security updates (patches) to address the Windows Print Spooler vulnerability. Systems Engineering recommends patching your workstations and servers to address this and any future vulnerabilities. Our clients who subscribe to IT Essentials, Network Security, Endpoint Security, or Network Monitoring (servers only) services, are receiving the patch as part of their regular patching schedule. For those who do not have one of our patching services, it is recommended you push the patch independently.

NOTE: The vulnerability known as "PrintNightmare" has been classified as CVE-2021-34527, and previously referred to below as CVE-2021-1675. These are similar, yet distinct vulnerabilities due to different attack vectors. The July 6th patches cover both remote code execution exploit vulnerabilities. 

If you have questions about this update, please reach out to your Account Manager.


ORIGINAL SECURITY ALERT: July 1, 2021

In early June, Microsoft released a patch to remediate a seemingly low severity vulnerability for a native, built-in Windows service named Print Spooler, also referred to as "PrintNightmare" (CVE-2021-1675). On June 21, Microsoft elevated the severity of the vulnerability to critical as there is a potential for remote code execution and local privilege escalation.

The original patch did not successfully resolve the issue, and we are waiting on an out-of-band update (outside of the normal schedule) from Microsoft or a fix on the upcoming "Patch Tuesday," which is the 2nd Tuesday in July. Microsoft has not indicated when a new patch will become available, but we will continue to check with our Microsoft contacts.

Until a proper update is available, the only way to prevent the exploit of this vulnerability would be to disable your ability to print from PCs and Servers, which includes tasks like printing items to a PDF before sending them within an email.

Course of Action

We understand that printing can be an important function in everyday business for many clients. For this reason, our recommendation is to wait for the forthcoming patch update from Microsoft to keep printing functionality in place. Once the patch is made available, customers who subscribe to our patching service will have the new patch deployed during the regular July update.

This course of action should only be pursued by customers with a solid, multi-layer security strategy already in place. If you have a more urgent need to mitigate this risk or feel it is necessary to disable the ability to print for your level of risk, please reach out to your account manager to develop a plan for a temporary workaround.

If you have questions about this security alert, please reach out to your Account Manager.