Following the release of a U.S. Cybersecurity & Infrastructure Security Agency (US-CERT) Coordination Center VulNote “for a critical remote code execution vulnerability in the Windows Print spooler services” on June 30, 2021, Microsoft issued new guidance for the vulnerability (CVE-2021-34527) on July 1, updated guidance on July 2, 2021, and an emergency patch on July 6, 2021.
According to US-CERT, the “update does not address the public exploits that also identify as CVE-2021-1675.” US-CERT has confirmed that “an attacker can exploit this vulnerability, nicknamed PrintNightmare, to take control of an affected system.”
What to do about the Windows Print Spooler vulnerability?
According to CISA, “CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print.” Additionally, “domain controllers and Active Directory admin systems need to have the Print spooler service disabled. The recommended way to do this is using a Group Policy Object.”
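To check where the guidance above still needs to be applied, the following added example (not code from Microsoft, CISA or the original article) reports the Print Spooler state on every domain controller and, when run with a `-Disable` switch, stops and disables the service. It assumes the RSAT ActiveDirectory module and remote CIM (WinRM) access to each domain controller; the switch name and report columns are hypothetical, and a Group Policy Object remains the recommended way to enforce the setting.

```powershell
# Added example: audit the Print Spooler service on all domain controllers.
# With -Disable, also stop the service and set its start mode to Disabled.
# Assumes the RSAT ActiveDirectory module and remote CIM (WinRM) access to each DC.
param(
    [switch]$Disable   # hypothetical switch name; omit it for a read-only audit
)

Import-Module ActiveDirectory -ErrorAction Stop
$filter = "Name='Spooler'"

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $row = [ordered]@{ Computer = $dc.HostName; State = $null; StartMode = $null; Note = '' }
    try {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter `
                   -ComputerName $dc.HostName -ErrorAction Stop
        if (-not $svc) {
            $row.Note = 'Spooler service not present'
        }
        else {
            if ($Disable) {
                if ($svc.State -ne 'Stopped') {
                    $r = Invoke-CimMethod -InputObject $svc -MethodName StopService
                    if ($r.ReturnValue -ne 0) { $row.Note += "StopService returned $($r.ReturnValue). " }
                }
                $r = Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode `
                         -Arguments @{ StartMode = 'Disabled' }
                if ($r.ReturnValue -ne 0) { $row.Note += "ChangeStartMode returned $($r.ReturnValue). " }
                # Re-read so the report shows the state after the change
                $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter `
                           -ComputerName $dc.HostName -ErrorAction Stop
            }
            $row.State     = $svc.State
            $row.StartMode = $svc.StartMode
            if ($svc.State -eq 'Running' -or $svc.StartMode -ne 'Disabled') {
                $row.Note += 'Spooler still enabled'
            }
        }
    }
    catch {
        # Unreachable host or access denied: record it instead of aborting the audit
        $row.Note = "Query failed: $($_.Exception.Message)"
    }
    [pscustomobject]$row
}

$report | Sort-Object Computer | Format-Table -AutoSize
```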
Security researchers are urging that the patch be deployed as soon as possible, since the vulnerability is being actively exploited in the wild and can be used to take over a Windows domain controller. Although the Kaseya security incident is receiving the bulk of media attention, this vulnerability could affect many more businesses that use Windows.
According to Microsoft, the patch will provide additional security for installing print software. It stated in a recent blog post that, “After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.”
Consider this patch a priority if you use Windows. It was urgent enough that Microsoft issued the emergency patch a week before its normal monthly software updates.