As you are likely aware by now, over this past week and the previous weekend Microsoft was warning Windows customers about an unpatched critical flaw in the Windows Print Spooler service. If you weren’t aware, I’ll give you a bit of background. This vulnerability quickly became known as “PrintNightmare” among those affected and at risk. The vulnerability was actually discovered by happenstance, when “researchers accidentally published a proof-of-concept (PoC) exploit.” (theverge.com, 2021) According to Microsoft, the vulnerability allows attackers to remotely execute code with system-level privileges. This type of control is a top-tier risk for Windows clients. Microsoft admitted that “the code that contains the vulnerability is in all versions of Windows.” (theverge.com, 2021)
So where do Windows customers stand now?
Just recently, Microsoft delivered a PrintNightmare patch for multiple Windows versions. “Microsoft released out-of-band patches for Windows systems affected by two critical bugs being tracked as CVE-2021-1675 and CVE-2021-34527, and has advised admins to disable the print spooler service until patches are applied. One is a remote code execution flaw, while the second is a local privilege escalation bug.” (zdnet.com, 2021) However, researchers have reported that the patches do not provide complete protection. So while strides are being made, Windows users are not completely out of the woods just yet. “The creator of the Mimikatz penetrating test kit said he has found a way to bypass the patch on systems by using UNC or the Universal Naming Convention (UNC) string, which is used to point to shared files or devices.” (zdnet.com, 2021) There is still work to be done. Microsoft and security teams everywhere are continuously working to get the unresolved issues under control.
In other news
Coinciding with the timeline of the PrintNightmare headache, the world has been experiencing the biggest ransomware attack on record. According to cybersecurity teams working to mend the damage of the attack, a Russia-linked gang is behind the breach of the company whose software was the conduit for the entire thing. Hackers are now demanding $70 million to end this historic attack. (cbsnews.com, 2021) According to reports, thousands of victims in at least 17 countries were impacted by this attack, which took place over the 4th of July holiday weekend. “President Joe Biden had ‘directed the full resources of the government to investigate this incident’ and urged all who believed they were compromised to alert the FBI.” (cbsnews.com, 2021)
How it Could Affect You:
Windows users are widely affected by PrintNightmare. Your security team should be monitoring and implementing all recommended patches and protocols. With these breaches unresolved and their effects ongoing, it is important to remain vigilant. That’s exactly what Hodgson Consulting & Solutions is doing for its customers and partner relationships.
Hodgson Can Help:
If you are not sure whether the security of your business has been compromised, Hodgson can help. Hodgson Consulting & Solutions specializes in securing data and information loss prevention for companies with multiple locations and/or a remote workforce. Our team of IT and security experts is working tirelessly to ensure the safety and security of our clients and would be happy to help serve your company in the same capacity.