Microsoft Warns Vulnerability PrintNightmare Affects All Windows Versions
A zero-day vulnerability that can be exploited to enable remote code execution on a target device, dubbed PrintNightmare, has been confirmed by Microsoft to affect all versions of Windows.
PrintNightmare affects a built-in Windows service named “Print Spooler” that is enabled by default on Windows machines. For any business working on Windows Operating Systems, Windows Print Spooler is required to print, thus creating a critical decision of whether a business is able to forego printing or if they will accept the risks and use their printer.
By using this vulnerability, threat actors can gain full access to a domain controller and take over an entire domain enabling attackers to “install programs; view, change, or delete data; or create new accounts with full user rights” once System privileges have been gained.
Recommendations:
Microsoft is working on a patch but until then the vulnerability is actively being exploited by attackers. It is worthy to note that a June 8 patch from Microsoft does NOT remediate the issue.
A temporary solution until Microsoft provides further updates, is to disable the Print Spooler service, or disabling the inbound remote printing through group policy.
In instances such as this, Managed IT Services will be able to oversee the process and act swiftly, mitigating the risks of discovering the news too late and slowly figuring out how to counteract the vulnerabilities. News and recommendations can come quicker from vendors and partners offering a higher chance of proactivity.
Sign up for our Cyber Security Newsletter
Stay in the know with updated breaches and helpful cyber security tips that could help protect your business and your staff from major security events.