
PrintNightmare: Why you need to update your Windows OS NOW!

In the wake of recent large-scale cyberattacks around the world, Microsoft has declared that a further critical vulnerability has been discovered in the Print Spooler saga aptly named PrintNightmare. This is not something that should be taken lightly by anyone, and here’s why…

On June 29th, 2021, a security researcher and technical architect tweeted a proof of concept (PoC) exploit and explanation about vulnerabilities in the Windows Print Spooler system before quickly deleting it. Despite its prompt deletion, it was live long enough to be replicated on other sites, so essentially, a PoC exploit is floating about the internet.

No biggie. It can’t be that much of a security issue, right? WRONG!

This exploit is the code equivalent of giving a stranger the keys to your front door and rolling out the red carpet for them, so they can take over your life – or your business.

The Windows Print Spooler situation 

In a nutshell, the Windows Print Spooler is a default Windows service enabled on ALL Windows clients and servers to allow for much more seamless printing management within a network. When a computer is physically connected to a printer, the Print Spooler allows the computer to provide printing services to other computers connected to the network. While this is a helpful tool for many reasons, the PrintNightmare vulnerability allows any authenticated user to perform privileged file operations and escalate their privileges to domain admin level, meaning they gain system-level control and can do anything they want. So, there should be 2 main priorities for Windows users right now: mitigation and detection.

How to mitigate your business’s risk?

At this point, it should go without saying that if you haven’t updated your systems with the new security patches for this issue, you should go and do it IMMEDIATELY! But depending on the size of your organisation, this could be a big job that can’t be completed overnight, so you may need to consider other options to secure yourself in the meantime.  

Can’t I just turn off Windows Print Spooler service?

Sure. Does this solve the problem and keep your business running perfectly? No.

Turning off the Print Spooler service is a workable solution if you don’t need or want to print anything, which is unlikely for most businesses. But this has been the current response in America, with Federal agencies being ordered to disable Microsoft’s Print Spooler services completely until all security updates and management controls have been implemented – a recommendation which has also been forwarded on to both public and private organisations. As this vulnerability has the potential to turn into an international cyber event with extremely detrimental economic consequences, businesses need to be more vigilant to protect their critical data and systems.

So, if the Print Spooler needs to be turned off, it needs to be turned off.
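For teams that cannot patch every machine at once, the following PowerShell is an added example (not part of the original article and not Microsoft's own script) that reports the Print Spooler state across a list of hosts and, on request, stops and disables it. The function name `Invoke-SpoolerAudit` is hypothetical, and remote hosts are assumed to be reachable over WinRM with an administrative account.

```powershell
# Added example (not from the article): report the Print Spooler state on each
# host and, with -Disable, stop the service and set its start mode to Disabled.
# Invoke-SpoolerAudit is a hypothetical name; host names are supplied by you.
function Invoke-SpoolerAudit {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [switch]$Disable
    )
    foreach ($computer in $ComputerName) {
        $session = $null
        try {
            # A session created without -ComputerName talks to the local machine
            # over DCOM, so the local check works even where WinRM is not set up.
            $session = if ($computer -eq $env:COMPUTERNAME) {
                New-CimSession -ErrorAction Stop
            } else {
                New-CimSession -ComputerName $computer -ErrorAction Stop
            }
            $query = @{
                CimSession  = $session
                ClassName   = 'Win32_Service'
                Filter      = "Name='Spooler'"
                ErrorAction = 'Stop'
            }
            $svc = Get-CimInstance @query
            if (-not $svc) { throw 'Spooler service not found' }

            if ($Disable -and $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
                $null = Invoke-CimMethod -CimSession $session -InputObject $svc -MethodName StopService
                $null = Invoke-CimMethod -CimSession $session -InputObject $svc -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' }
                $svc = Get-CimInstance @query   # re-read; State may briefly be 'Stop Pending'
            }
            [pscustomobject]@{
                ComputerName = $computer
                State        = $svc.State
                StartMode    = $svc.StartMode
                # Still needs attention unless the service is both stopped and disabled.
                NeedsAction  = ($svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Disabled')
                Error        = $null
            }
        } catch {
            # Unreachable or access-denied hosts are reported, not silently skipped.
            [pscustomobject]@{ ComputerName = $computer; State = 'Unknown'; StartMode = 'Unknown'
                               NeedsAction = $true; Error = $_.Exception.Message }
        } finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}
```

Run it without `-Disable` first to get an inventory of where the spooler is still running, then add `-Disable -WhatIf` to preview the change before applying it to machines that do not need to print.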

What’s Microsoft’s advice to detect breaches?

Although Microsoft have worked hard to suitably patch the vulnerabilities as quickly as possible, until the security updates are installed (the most recent update patches over 100 vulnerabilities), every user is at risk of attack. So, Microsoft advise using security products, such as Microsoft 365 Defender, to search for alerts and telemetry showing suspicious behaviour.

Security products like Microsoft 365 Defender include advanced hunting queries which provide the necessary information to secure web sites, APIs, applications, databases, remote desktops and other resources. They do this by conducting on-demand scans against an internal database of vulnerabilities and then generating reports that can be sent via email or downloaded to a repository.

The latest version of Microsoft 365 Defender includes advanced hunting queries such as SQL injection and XSS scanning. This makes it easier for users to detect potential threats in their surroundings without having to conduct any manual research themselves.

Update before it’s too late…

Systems that have not been updated are open to cyberattacks and risks. It is important for businesses to implement these updates as soon as possible because the consequences could be devastating. So, if your company has not yet updated its systems, now is a good time to take action. Contact Lindentech’s team of security experts before it’s too late.

3 Comments

  • August 20, 2021

    Jose

    OMG! I had no idea this was possible! It’s so scary to think someone could get total access to your entire business like this. How much would it cost for a small business (22 people) to get everything sorted out by Linden Tech?

    PS: Please contact me via email. Thank you!

  • August 27, 2021

    Lucy

    Hmm… do you really think Microsoft 365 Defender is the best solution? I have my doubts. Microsoft never had a great option when it comes to security imho.

  • September 2, 2021

    Colin

    Hey, guys, great read. Could you maybe write something like 25 ways to protect your company from a cyberattack? I know the first one would be to hire Linden Tech :)) but what would be the others? THX
