Today Microsoft released an Out-of-Band (OOB) security update for CVE-2021-34527, also known as PrintNightmare. This security update is meant to patch a hole in the Windows Print Spooler service, the component that allows multiple people to access the same printer.
To summarize the threat, per Microsoft, a remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploits this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The PrintNightmare flaw lets any attacker with a domain account easily take over Active Directory. Microsoft itself said “domain controllers are affected if the print spooler service is enabled.” All client systems and servers that are not domain controllers are impacted too. Failure to update systems against PrintNightmare can result in a total loss of confidentiality, integrity, and availability. Security updates released on and after July 6, 2021 contain protections for the remote code execution exploit.
What should you do? We recommend that you urgently install the July 2021 Out-of-band updates on all supported Windows client and server operating systems, starting with devices that currently host the print spooler service.
Ransomware threat actors will take advantage of this flaw (and probably already are). An organization is far more likely to have its entire network/domain compromised (and ransomed) in the event of an intrusion if these emergency patches are not applied promptly.
Ransomware is one of the most significant business threats facing most organizations (and a threat that is on everyone’s radar due to recent events). I would recommend emphasizing that disregarding this issue will result in a much higher likelihood of complete domain compromise and significant disruption to the business.
Bottom line up front: If you don’t patch this as soon as possible, your entire organization’s network is very likely to be compromised quickly and easily in the event of an intrusion. Patch your most critical systems first, starting with Domain Controllers, then Member Servers, and then end user Workstations. Need help? Contact us about our cybersecurity services.
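To turn the patching order above into a work list, here is an added PowerShell example (not from the original post or from Microsoft) that inventories which hosts run the Print Spooler and sorts them Domain Controllers first, then Member Servers, then Workstations. It assumes Windows PowerShell 5.1 with CIM/WinRM access to the hosts; the hostnames are constructed placeholders.

```powershell
# Added example: triage hosts for PrintNightmare patching in the order
# recommended above (DCs, then member servers, then workstations), flagging
# those where the Print Spooler is actually running. Hostnames are constructed.
$Hosts = @('DC01.example.local', 'FS01.example.local', 'WS-042.example.local')

function Get-SpoolerTriage {
    param([string[]]$ComputerName)

    foreach ($c in $ComputerName) {
        try {
            $cs  = Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $c -ErrorAction Stop
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" -ComputerName $c -ErrorAction Stop
        } catch {
            # Unreachable hosts still need follow-up, so keep them at the end of the list
            [pscustomobject]@{ Computer = $c; Role = 'Unreachable'; Spooler = '?'; StartMode = '?'; Priority = 99 }
            continue
        }
        # Win32_ComputerSystem.DomainRole: 4/5 = domain controller, 3 = member server, others = workstation
        $role = switch ($cs.DomainRole) {
            { $_ -ge 4 } { 'DomainController'; break }
            3            { 'MemberServer'; break }
            default      { 'Workstation' }
        }
        $priority = switch ($role) { 'DomainController' { 1 } 'MemberServer' { 2 } default { 3 } }
        # Within each tier, hosts with the spooler running come before those where it is stopped
        if ($svc.State -ne 'Running') { $priority += 10 }
        [pscustomobject]@{
            Computer  = $c
            Role      = $role
            Spooler   = $svc.State
            StartMode = $svc.StartMode
            Priority  = $priority
        }
    }
}

$triage = Get-SpoolerTriage -ComputerName $Hosts | Sort-Object Priority, Computer
$triage | Format-Table -AutoSize

# Optional interim hardening for domain controllers that do not need to print:
# stop and disable the spooler until the update is installed (remove -WhatIf to apply).
$triage | Where-Object { $_.Role -eq 'DomainController' -and $_.Spooler -eq 'Running' } |
  ForEach-Object {
    Invoke-Command -ComputerName $_.Computer -ScriptBlock {
        Stop-Service -Name Spooler -Force -WhatIf
        Set-Service -Name Spooler -StartupType Disabled -WhatIf
    }
  }
```

Disabling the spooler on a DC is a stopgap, not a substitute for installing the July 2021 update; re-run the triage after patching to confirm nothing was missed.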
For more information on this urgent cybersecurity news, see Microsoft’s cybersecurity update at the link below:
Gui Cozzi
Cybersecurity Practice Lead