Print Nightmare

Nightmare

A new security vulnerability that has been nicknamed “Print Nightmare” has been making a big splash in IT security communities.  The exploit has been deemed a zero-day attack as there was no patch available when it was discovered. 

The bug is dangerous enough that Microsoft issued a statement on it and released a patch out of schedule. 

 “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

This is particularly disturbing, because if the attacker gains access to the Windows Domain Controller they can change security permissions, create their own accounts, and a plethora of other things.  The access they can gain to the network is significant.

The print nightmare vulnerability affects all versions of Windows back to Windows 7.  Microsoft moved quickly to try and patch the bug, releasing the patch out of schedule.  There are many researchers that say that the patch doesn’t address the problem completely, and that some systems will still be vulnerable.  Specifically, the point and print function if enabled on Windows servers may allow the exploit to still work.

What to do

If you’re a client of i.t.NOW you can rest assured that the patches are already being applied.  Our research indicates that the patch will plug the security hole in most cases.  If you’re not a client, we recommend that you act and ensure that the patch is applied immediately.

i.t.NOW has taken some further steps to protect our clients as well.  We have disabled the print spooler on any domain controllers that did not have printers installed.  We are also currently looking into disabling the point and print functionality on servers until an additional patch is issued.  Some further testing is required.

Its also important to keep in mind that i.t.NOW maintains strong firewalls for all our clients.  This minimizes the attack surface of our clients and makes it impossible for an attacker to use this exploit unless they managed to bypass the firewall and execute the bug from inside the network.

Stay Vigilant

There are new threats that pop up every day.  It’s important to have an IT provider that is actively tracking those threats and working to ensure that your security is up to date.  Most bugs of this nature are at least minimized by a well-executed multi-layer security plan.  A quality provider like i.t.NOW will ensure that you have one in place before the next zero-day attack happens.  If you don’t currently have a plan in place for your business, you need to.  Call the experts at i.t.NOW to ensure your business is secure.