Security Alert: Urgent Windows zero-day - PrintNightmare
Date:
2021-07-01 12:34:00
Status:
Closed
Brief Description:
A critical zero-day vulnerability has just been announced in the Microsoft print spooler service and exploits are available in the wild. Print spooler services should be turned off, especially on domain controllers, until a patch is available.
Current Status:
IT staff continue to monitor the status of this ongoing vulnerability and recommend applying mitigations to keep servers and endpoints secure.
Services Affected:
Servers
Full Description:
A critical zero-day vulnerability has just been announced in the Microsoft print spooler service and exploits are available in the wild. Print spooler services should be turned off, especially on domain controllers, until a patch is available.
This vulnerability allows an attacker with valid domain credentials to perform local privilege escalation and/or remote code execution on any host running the RPC/print spooler service. Print spooler services should be turned off, especially on domain controllers, until a patch is available. In line with the industry and vendor consensus for navigating this situation, CIT is turning off print spooler services on many CIT-managed servers, desktops, and laptops. This will likely disrupt printing until a patch has been released. CIT is actively monitoring the situation and will work to restore services as soon as it is safe to do so. IT Service Groups are strongly advised to take similar action. More information is available here from Microsoft: https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-print-spooler.
With some additional details and background here: https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/.
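One way an IT Service Group could apply the mitigation described above, as an added example (not a CIT or Microsoft script): it reports the Print Spooler state on each host and, only when `-Disable` is given, stops the service and sets it to Disabled. The host names are constructed placeholders, and the script assumes PowerShell remoting is enabled and that you run it with administrative rights on the targets.

```powershell
# Added example: audit (and optionally disable) the Print Spooler service.
# Host names below are constructed placeholders; supply your own inventory.
param(
    [string[]]$Computers = @('dc01.example.edu', 'fs01.example.edu'),
    [switch]$Disable   # without this switch the script only reports
)

$results = foreach ($computer in $Computers) {
    try {
        $state = Invoke-Command -ComputerName $computer -ErrorAction Stop `
            -ArgumentList $Disable.IsPresent -ScriptBlock {
                param([bool]$Disable)
                $svc = Get-Service -Name Spooler -ErrorAction Stop
                if ($Disable) {
                    # Stop the running service, then keep it from starting at boot.
                    if ($svc.Status -ne 'Stopped') {
                        Stop-Service -Name Spooler -Force
                    }
                    Set-Service -Name Spooler -StartupType Disabled
                    $svc = Get-Service -Name Spooler   # re-read to confirm the change
                }
                [pscustomobject]@{
                    Status    = $svc.Status.ToString()
                    StartType = $svc.StartType.ToString()
                }
            }
        [pscustomobject]@{
            Computer  = $computer
            Status    = $state.Status
            StartType = $state.StartType
            Note      = ''
        }
    }
    catch {
        # Unreachable host, missing service, or access denied: record it for follow-up.
        [pscustomobject]@{
            Computer  = $computer
            Status    = 'Unknown'
            StartType = 'Unknown'
            Note      = $_.Exception.Message
        }
    }
}

# Hosts still showing Running or a non-Disabled start type need attention.
$results | Sort-Object Computer | Format-Table -AutoSize
```

Run it once without `-Disable` to see which hosts still have the spooler running, then again with `-Disable` on the hosts where printing can be interrupted.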
CIT TDX ID: