How to protect against PrintNightmare Vulnerability
A new critical security vulnerability is posing a significant threat to businesses worldwide this month, the vulnerability has been aptly named PrintNightmare. In this post we are going to explain what the vulnerability is and how your IT team or IT support provider can protect your business from it.
The PrintNightmare vulnerability exists within all recent Microsoft operating systems (both desktop and server) and stems from the service which Windows uses to manage print jobs - the Print Spooler. This is running by default on all Windows operating systems.
PrintNightmare has been graded as a critical vulnerability due to it’s exploitation allowing for a malicious attacker to perform remote code execution on a device. In real-world terms - This means an attacker could install malicious software on a computer, exfiltrate sensitive information or spread ransomware throughout a company network.
Microsoft have reacted to the vulnerability by issuing security updates to resolve the issue. However, we are aware of security research which is indicating that these updates are not effective in every case, nor is it dealing with the entirety of the threat.
Nevertheless, we strongly recommend the latest Microsoft security updates are applied as a first step in countering this vulnerability. You can find the latest information from Microsoft about this vulnerability here.
For true protection we also recommend further security layers are in place to provide active protection against these types of threats. Such additional safeguards can detect and nullify these threats long before Microsoft have released updates. The importance of such is further enforced by the reported ineffectiveness of the Microsoft provided update.
To be truly secured, you cannot depend upon the single layer of defence provided by Microsoft or conventional anti-virus solutions as these are not sufficient.
Businesses need advanced defences to deal with modern day cyber threats.
For a technical breakdown of steps to be actioned by your IT support provider, please see the checklist below or simply contact us here at Firaya for assistance.
Ensure security patch for CVE-2021-1675 is applied
Ensure security patch for CVE-2012-32457 is applied
Audit Print Spooler usage and disable it where possible
Review and deploy further mitigations recommended by Microsoft here
Configure specific detection and mitigation tools within security software to address the vulnerability