Posted on Jul 15, 2021
CISA Warns DoD, Feds To Fix Critical Windows Vulnerability - Breaking Defense
1.48K
60
8
21
21
0
Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an emergency directive last night requiring the Pentagon and all other executive branch agencies to fix a Microsoft Windows vulnerability that could allow attackers to gain control of entire networks.
The vulnerability, formally called CVE-2021-34527 and dubbed PrintNightmare by security researchers, affects a Microsoft Windows service called print spooler. Print spooler enables printing capabilities on local networks. CISA’s emergency directive notes that PrintNightmare “poses an unacceptable risk… and requires emergency action” because it allows attackers to gain administrative control of IT systems and to remotely run malicious code.
Microsoft first disclosed PrintNightmare on July 1, less than a month after security researchers accidentally disclosed another bug in print spooler called CVE-2021-1675. The tech giant deemed PrintNightmare’s threat to confidentiality, integrity, and availability to be “high,” with an overall severity rating of eight out of 10 based on the industry-standard Common Vulnerability Scoring System.
Microsoft issued an out-of-band patch on July 6, but less than 13 hours after its release, a security researcher revealed the emergency patch was deficient. (Microsoft’s July 2021 cumulative updates are supposed to patch both print spooler vulnerabilities.)
The vulnerability, formally called CVE-2021-34527 and dubbed PrintNightmare by security researchers, affects a Microsoft Windows service called print spooler. Print spooler enables printing capabilities on local networks. CISA’s emergency directive notes that PrintNightmare “poses an unacceptable risk… and requires emergency action” because it allows attackers to gain administrative control of IT systems and to remotely run malicious code.
Microsoft first disclosed PrintNightmare on July 1, less than a month after security researchers accidentally disclosed another bug in print spooler called CVE-2021-1675. The tech giant deemed PrintNightmare’s threat to confidentiality, integrity, and availability to be “high,” with an overall severity rating of eight out of 10 based on the industry-standard Common Vulnerability Scoring System.
Microsoft issued an out-of-band patch on July 6, but less than 13 hours after its release, a security researcher revealed the emergency patch was deficient. (Microsoft’s July 2021 cumulative updates are supposed to patch both print spooler vulnerabilities.)
CISA Warns DoD, Feds To Fix Critical Windows Vulnerability - Breaking Defense
Posted from breakingdefense.com
Edited 3 y ago
Posted 3 y ago
Responses: 5
Edited 3 y ago
Posted 3 y ago
Microsoft's July 7 2021 PrintNightmare patch leaves systems vulnerable
https://www.bleepingcomputer.com/news/microsoft/microsofts-incomplete-printnightmare-patch-fails-to-fix-vulnerability/https://us-cert.cisa.gov/ncas/current-a...
Thank you my friend Lt Col Charlie Brown for making us aware that DHS "Cybersecurity and Infrastructure Security Agency issued an emergency directive last night requiring the Pentagon and all other executive branch agencies to fix a Microsoft Windows vulnerability that could allow attackers to gain control of entire networks."
Microsoft's July 7 2021 PrintNightmare patch leaves systems vulnerable
https://www.youtube.com/watch?v=E62e8-TPQmE
FYI Maj Bill Smith, Ph.D. LTC (Join to see) COL Mikel J. Burroughs SMSgt Lawrence McCarter SSG Franklin BriantSPC Michael Duricko, Ph.D TSgt David L. SGT James Murphy 1SG Steven ImermanSPC Michael Terrell SPC Michael Oles SRSgt (Join to see) SSG Samuel Kermon MGySgt (Join to see)SPC Steve Irvine1LT Voyle SmithGySgt Jack WallaceMSG (Join to see) LTC Greg Henning
Microsoft's July 7 2021 PrintNightmare patch leaves systems vulnerable
https://www.youtube.com/watch?v=E62e8-TPQmE
FYI Maj Bill Smith, Ph.D. LTC (Join to see) COL Mikel J. Burroughs SMSgt Lawrence McCarter SSG Franklin BriantSPC Michael Duricko, Ph.D TSgt David L. SGT James Murphy 1SG Steven ImermanSPC Michael Terrell SPC Michael Oles SRSgt (Join to see) SSG Samuel Kermon MGySgt (Join to see)SPC Steve Irvine1LT Voyle SmithGySgt Jack WallaceMSG (Join to see) LTC Greg Henning
(11)
Comment
(0)
LTC Stephen F.
3 y
Do this to windows right now, yesterday Microsoft release a emergency security patch update to fix critical “PrintNightmare” vulnerability. Today it seems th...
Do This To Windows Right Now
Do this to windows right now, yesterday Microsoft release a emergency security patch update to fix critical “PrintNightmare” vulnerability. Today it seems that it still has not fix and patch the print spooler which this issue is related to. Microsoft on Tuesday released a fix for critical 'PrintNightmare' bug, but it seems to be ineffective and can be bypassed. The bug could allow malicious actors to take control of vulnerable systems remotely and also run arbitrary code through local privilege escalation.
https://www.youtube.com/watch?v=a_byd8iBpX0
FYI PO3 Charles StreichSP5 Geoffrey VannersonGySgt Thomas VickSFC (Join to see)SFC (Join to see)SPC Randy ZimmermanCpl Robert Russell PayneCPL Cadrew StricklandSSG Michael Noll SGT Steve McFarland SGT Randal Groover SFC Chuck Martinez MSgt James Clark-Rosa SSG William Jones PVT Mark Zehner A1C Riley Sanders SGT (Join to see)SMSgt Mark Venezio Lt Col Charlie Brown SFC Ralph E Kelley
Do this to windows right now, yesterday Microsoft release a emergency security patch update to fix critical “PrintNightmare” vulnerability. Today it seems that it still has not fix and patch the print spooler which this issue is related to. Microsoft on Tuesday released a fix for critical 'PrintNightmare' bug, but it seems to be ineffective and can be bypassed. The bug could allow malicious actors to take control of vulnerable systems remotely and also run arbitrary code through local privilege escalation.
https://www.youtube.com/watch?v=a_byd8iBpX0
FYI PO3 Charles StreichSP5 Geoffrey VannersonGySgt Thomas VickSFC (Join to see)SFC (Join to see)SPC Randy ZimmermanCpl Robert Russell PayneCPL Cadrew StricklandSSG Michael Noll SGT Steve McFarland SGT Randal Groover SFC Chuck Martinez MSgt James Clark-Rosa SSG William Jones PVT Mark Zehner A1C Riley Sanders SGT (Join to see)SMSgt Mark Venezio Lt Col Charlie Brown SFC Ralph E Kelley
(6)
Reply
(0)
Posted 3 y ago
Gaining system admin rights have been a nightmare scenario for many organizations. But with careless operation techniques, i.e. opening e-mails from unvetted sources, this is a real defense problem.
(6)
Comment
(0)
CSM Charles Hayden
3 y
My ‘MSFT Office Home and Student’ has an ‘administrator’. I really need to remove that and attain full rights for myself!
(3)
Reply
(0)
SSG Samuel Kermon
3 y
CSM Charles Hayden I must apologize but what is MSFT? But even not knowing what it means I agree that you need to be your own admin on your own system. Otherwise you are not in charge of your system or its operations.
(3)
Reply
(0)
Read This Next