As an IT professional, you need to stay current on all things tech; with articles from industry experts and GreenPages' staff, you get the info you need to help your organization compete and succeed!
What We Know
For Patch Tuesday July 2021, Microsoft is patching the vulnerability and ongoing exploitation of PrintNightmare. You can read about CVE-2021-34527 on the Microsoft vulnerability site here. This one is really causing a lot of pain for organizations, and CISA has also released Emergency Directive 21-04, which outlines what Federal Civilian Executive Branch agencies must do, and by when, to mitigate this one.
What We Know
On June 29, 2021, Proof-of-Concept (PoC) exploit code was published on GitHub for a vulnerability (CVE-2021-1675) in the Microsoft Print Spooler (spoolsv.exe), the process that manages printing services. This vulnerability has been given the nickname "PrintNightmare." Although Microsoft released an update in early June 2021 as part of its Patch Tuesday updates, it does not look like this update protects against the PoC code. As this is a PoC exploit that appears to work, it is being referred to as a zero-day exploit. It's important to note that the exploit does require a user login and password, or a password hash, to work; adversaries could obtain these through phishing and then use the exploit to gain an elevation of privilege.
No Known Fix; Recommended Workaround
Because there is currently no known fix, the recommended workaround is to disable the Print Spooler service on Domain Controllers and on systems that do not print. Yesterday CISA released a VulNote for this vulnerability.
By Randy Becker, VP & Principal Security Architect
Yesterday, May 25th, VMware announced two new vulnerabilities in their vCenter management platform; this impacts many production vCenter deployments regardless of whether you are using VMware Virtual SANs or not. VMware is providing a workaround and a fix for affected versions of vCenter. We recommend reading all the details on this before taking any action. Workarounds could impact functionality if you are using vSAN, so read thoroughly. Per VMware: "This needs your immediate attention if you are using vCenter Server."
By Randy Becker, VP & Principal Security Architect
On May 4, 2021, SentinelLabs posted that they had discovered five Dell security bugs collectively tracked as CVE-2021-21551. This local privilege-escalation (LPE) flaw has a CVSS vulnerability-severity rating of 8.8 out of 10. SentinelLabs proactively reported their findings to Dell on Dec 1, 2020. These five high-severity security vulnerabilities in Dell's firmware update driver have the potential to impact hundreds of millions of Dell desktops, laptops, notebooks, and tablets.
By Randy Becker, VP & Principal Security Architect
Microsoft April 2021 Patch Tuesday brings us 4 critical on-premises Exchange RCE CVEs: 2 with a base CVSS score of 9.8 out of 10 with no privileges required, 1 with a CVSS score of 9 with an adjacent attack vector and low privileges required, and 1 with an 8.8 and low privileges required.
By Randy Becker, VP & Principal Security Architect
The pandemic has brought new and interesting challenges for all of us to deal with, and certainly balancing support for users working remotely with ensuring security has not been easy. Initially we all had to scramble to figure out ways to allow employees to work from home. Some crazy things happened, including people bringing their desktop PCs home, connecting home PCs (with unsupported operating systems) to corporate VPNs, etc. Now we are seeing discussions about returning to work. What does that look like, and what is it called?
By Randy Becker, CISO & VP, Network and Security Consulting
I am often asked by customers, "If you could only do one thing to improve your security posture right now, what would it be?" That's an easy answer: implement immutable backups to protect against a ransomware attack. So, what exactly is an immutable backup? Simply stated, it is a backup that is read-only and cannot be deleted by anyone, including an administrator, threat actors, or, you know, the "bad guys."
By Randy Becker, CISO & VP, Network and Security Consulting
Microsoft just released a new PowerShell script called the Exchange On-premises Mitigation Tool (EOMT): https://github.com/microsoft/CSS-Exchange/tree/main/Security#exchange-on-premises-mitigation-tool-eomt. This single script will automatically grab the necessary downloads and dependencies for mitigation and malware scanning, and reverse changes made by known threats.
By Randy Becker, CISO & VP, Network and Security Consulting
As if the SolarWinds fiasco and the massive global attack on on-premises Exchange Servers weren't bad enough, here comes Microsoft Patch Tuesday for March 2021. Microsoft Patch Tuesday announces 82 vulnerabilities, with 10-plus classified as critical, 1 zero-day exploit, and 72 as important. These have all been fixed in this month's update, courtesy of Microsoft. Of special note, these numbers do not include the 7 Microsoft Exchange and 33 Chromium Edge vulnerabilities already released.