GreenPages Blog


"PrintNightmare" Microsoft Zero Day in Print Spooler

What We Know
On June 29, 2021, Proof-of-Concept (PoC) exploit code was published on GitHub for a vulnerability (CVE-2021-1675) in the Microsoft Print Spooler service (spoolsv.exe), the process that manages printing services. This vulnerability has been nicknamed "PrintNightmare."

Although Microsoft released an update for this issue in early June 2021 as part of its Patch Tuesday updates, that update does not appear to protect against the PoC code. Because the PoC appears to work even on patched systems, it is being referred to as a zero-day exploit.

It is important to note that the exploit requires a valid user login and password (or a password hash) to work. Adversaries could obtain those credentials through phishing and then use the exploit to elevate their privileges.

No Known Fix; Recommended Workaround
Because there is currently no known fix, the recommended workaround is to disable the Print Spooler service on Domain Controllers and on any systems that do not need to print.
Yesterday CISA released a VulNote for this vulnerability.

What you should do if you are running Microsoft Windows 7 or higher and have the Print Spooler service enabled:

• Test and evaluate the impact of these changes.
• Follow proper change control and backout procedures.
• Disable the Print Spooler service wherever possible, especially on publicly exposed devices. Follow Microsoft's recommended approach so that the service is not brought back inadvertently.
• If you cannot disable the Print Spooler service, limit network access to those devices as strictly as you can, especially on publicly exposed devices.
• Apply the relevant patches at the earliest opportunity once they have been made available.
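As an added example of the workaround described above (this script is not from the GreenPages post or from Microsoft), the following PowerShell audits one host and applies the disable-the-spooler steps only where the host is a domain controller or has no local printers. The `Get-SpoolerExposure` and `Disable-SpoolerIfUnneeded` function names and the built-in-printer name filter are assumptions of this example.

```powershell
# Added example (not from the GreenPages post): audit the Print Spooler on
# this host and, when the host is a domain controller or has no local
# printers, stop the service and set its startup type to Disabled so that
# it cannot be restarted inadvertently. Run from an elevated session.
# Pass -WhatIf to preview the change without applying it.
param(
    [switch]$WhatIf
)

function Get-SpoolerExposure {
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDc = $role -in 4, 5
    $svc  = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    # Heuristic (assumption): ignore built-in virtual printers such as
    # "Microsoft Print to PDF" and "Fax" when deciding if the host prints.
    $printers = @()
    if (Get-Command Get-Printer -ErrorAction SilentlyContinue) {
        $printers = @(Get-Printer -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'Local' -and $_.Name -notmatch '^(Microsoft|Fax)' })
    }
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        IsDomainController = $isDc
        SpoolerStatus      = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        SpoolerStartType   = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
        LocalPrinterCount  = $printers.Count
    }
}

function Disable-SpoolerIfUnneeded {
    param([switch]$WhatIf)
    $state = Get-SpoolerExposure
    $state | Format-List
    if ($state.SpoolerStatus -eq 'NotInstalled') { return }
    if ($state.IsDomainController -or $state.LocalPrinterCount -eq 0) {
        # Stop the service and disable it so a reboot does not bring it back
        Stop-Service -Name Spooler -Force -WhatIf:$WhatIf
        Set-Service -Name Spooler -StartupType Disabled -WhatIf:$WhatIf
        Write-Host "Print Spooler stopped and set to Disabled on $($state.ComputerName)."
    } else {
        Write-Warning "Host appears to serve printers; spooler left running. Restrict network access to it instead."
    }
}

Disable-SpoolerIfUnneeded -WhatIf:$WhatIf
```

Run it first with -WhatIf on a test host, as the checklist above advises, before rolling it out through your change control process.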

"Assume the Breach"
In this era of ransomware, it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account. Assume the breach: this vulnerability allows elevation of privilege, and we expect adversaries to use it.

Additional practices you should always follow:
• Follow a proper change control process.
• Test your changes and patches before rolling them into production.
• Ensure you have immutable backups of all systems, so that if the worst happens you have a way to recover.

If you need help with this security threat, please reach out to your GreenPages Account Manager or reach out to us.

Randy Becker

Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation. Randy is also a HITRUST Certified CSF Practitioner (CCSFP) which ensures clients have access to the highest level of expertise related to privacy, security, compliance, and risk management.
