Microsoft’s PrintNightmare Vulnerability

Microsoft’s released an Out-Of-Band (OOB) emergency patch, affecting windows systems’ print-spooler subsystem. These printing issues are being called PrintNightmare by the media. The vulnerabilities are being tracked in CVE-2021-1675 and CVE-2021-34527. Print spoolers control printing on servers and workstations. Microsoft released this patch OOB (i.e. not on Patch Tuesday) because there have been reports of exploits in the wild leading to privilege escalation and remote access. However, in some cases, this patch also broke printing on receipt and label printers connecting through a USB port.

Printer Issues after Patching

For example, Zebra, the printer manufacturer confirmed many of its printing solutions stopped printing after any of PrintNightmare patches were installed (KB5004945, KB5004760, and KB5003690). Microsoft released a statement about these failed patches suggesting businesses take the following actions: 

“This [printing] issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy.”

[Editor comment: Did Microsoft just say: maybe a restart could help but they aren’t sure? Really?]

What Now?

First, ensure all your systems are fully patched and updated to the latest versions published by your manufacturer. Second, consider disabling the print spooler service until Microsoft re-releases patches to fix these issues. Third, if you’re not printing via USB connections, it may be okay to apply the existing patches and hope they don’t break your printing.

CyberHoot Recommended Practices to Secure your Business

Your company needs to take other proactive measures to reduce its chances of being a victim of a cyber attack. CyberHoot recommends the taking following steps to prepare for, limit damages, and sometimes avoid cyber attacks:

• Adopt two-factor authentication on all critical Internet-accessible services
• Adopt a password manager for better personal/work password hygiene
• Require 14+ character Passwords in your Governance Policies
• Deploy an Anti-Malware/Anti-Virus Solution to actively scan for vulnerabilities
• Follow a 3-2-1 backup method for all critical and sensitive data
• Train employees to spot and avoid email-based phishing attacks
• Check that employees can spot and avoid phishing emails by testing them
• Document and test Business Continuity Disaster Recovery (BCDR) plans
• Perform a risk assessment every two to three years

Start building your robust, defense-in-depth cybersecurity plan today with CyberHoot.

Sources:

Kaspersky

ZDNet

Microsoft

The Verge

Additional Readings: 

CNN – Microsoft Issues Security Warning

Bleeping Computer – PrintNightmare Security Updates

Advanced Reading:  Mitigating Controls for PrintNightmare