rocketwise

THREAT UPDATE

Last week, we released an advisory regarding the “PrintNightmare” Zero-Day vulnerability exploited via the Windows Print Spooler service. This past weekend, on July 16th, Microsoft identified another vulnerability within the Print Spooler service that allows for local privilege escalation. It has yet to be patched. rocketwise recommends disabling the Print Spooler service on all Windows machines that don’t actively print.

TECHNICAL DETAIL & ADDITIONAL INFORMATION

WHAT IS THE THREAT?

The PrintNightmare vulnerability initially allowed attackers to execute code remotely on systems to elevate privileges. Microsoft then patched the following operating systems: Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, and Windows 10 (versions 21H1, 20H2, 2004, 1909, 1809, 1803, and 1507). However, the local privilege escalation still exists, and the same Proof-of-Concept code can be used to elevate privileges. This will not work if the Print Spooler service is disabled.

WHY IS IT NOTEWORTHY?

All privilege escalation vulnerabilities should be taken seriously. Attackers can leverage this CVE to create and remove user accounts, edit configuration files, and create persistence to maintain a foothold on your machine. All versions of Windows contain the vulnerable code and are susceptible to exploitation.

WHAT IS THE EXPOSURE OR RISK?

Even if you patched your Windows machines for the initial CVE announced last week, your system remains affected if the Print Spooler service is enabled. All versions of Windows contain the vulnerable code, making the exposure and risk level of this threat extremely high.

WHAT ARE THE RECOMMENDATIONS?

rocketwise recommends disabling the print spooler service on all machines that do not actively need to print.
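
One way to apply this recommendation from an elevated PowerShell session, as an added example that is not rocketwise's own script. It assumes the PrintManagement module (`Get-Printer`, Windows 8 / Server 2012 and later) is available, and the list of "virtual" printer names is an assumption to adjust for your fleet.

```powershell
#Requires -RunAsAdministrator
# Added example: disable the Print Spooler only where no real print queue exists.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: queues matching these names are built-in virtual printers.
    [string[]]$VirtualPrinters = @('Microsoft Print to PDF', 'Microsoft XPS Document Writer', 'Fax', 'OneNote*')
)

function Write-Result([string]$Action, [string[]]$Printers = @()) {
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Action       = $Action
        Printers     = $Printers -join '; '
    }
}

$spooler = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
if (-not $spooler) { throw 'Print Spooler service not found.' }

# Nothing to do if the service is already stopped and cannot start.
if ($spooler.StartMode -eq 'Disabled' -and $spooler.State -ne 'Running') {
    return Write-Result 'AlreadyDisabled'
}

# Get-Printer needs a running spooler; a stopped-but-enabled service cannot be
# audited, so flag it for manual review instead of guessing.
if ($spooler.State -ne 'Running') {
    return Write-Result 'ReviewManually'
}

# Collect print queues that are not on the virtual-printer list.
$real = @(Get-Printer | Where-Object {
    $name = $_.Name
    -not ($VirtualPrinters | Where-Object { $name -like $_ })
} | Select-Object -ExpandProperty Name)

if ($real.Count -gt 0) {
    return Write-Result 'KeptEnabled' $real
}

# No real printers found: stop the service and prevent it from restarting.
if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Write-Result 'Disabled'
}
```

Run it with `-WhatIf` first to see which hosts would be changed without stopping the service.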

If you have any questions, please contact us.

Written by

Kevin possesses the unique ability to understand and explain, in non-threatening and non-technical ways, how technology, business and team members work with, and sometimes against, each other. He has an innate ability to understand how technology works at the basic conceptual level and how it interacts with hardware, software, networking, people and business processes. A rare combination in today's technology arena.

Kevin lives in Charleston, South Carolina with his bride Summer, their two sons - Caleb and Isaiah - and their Vizsla wonder dog Dexter.