PrintNightmare Vulnerability in Majority of Windows Devices

PrintNightmare Vulnerability in Majority of Windows Devices

July 6, 2021

UPDATE – July 7 @ 11:45am: Microsoft has now published a patch to mitigate this vulnerability, and Mytech is already working on deploying it to our clients as securely and non-disruptively as possible. Further information about this process has been emailed out to our clients. If you experience any issues or have questions about this out-of-band patch, please contact your Mytech team for more info.

The newly discovered “PrintNightmare” vulnerability allows malicious actors to access a computer or server by sending commands to a built-in service that is enabled by default on all Windows machines (“Print Spooler”). This vulnerability is not public – attackers either need to be sharing a network with the target device, or need to have already gained access through a different attack. Despite this limitation, the severity of this exploit (and the ease of its execution) still makes this a critical concern, for both business and personal devices. 

What Mytech is doing:

Currently, the only way to completely eliminate this threat is to disable the “Print Spooler” service, which Mytech has already done for our clients’ network devices wherever feasible and non-disruptive. However, disabling this service also completely disables printing from that device (as well as “Print to PDF” functions), which we know would be an unacceptable interruption of operations for many of our clients.

In an effort to carefully balance your security and productivity, we are implementing a number of back-end controls to restrict unauthorized access to the “Print Spooler” service on your devices while still allowing legitimate printing jobs. Although this does not completely eliminate the risk, it is an effective mitigation for the most common and likely attacks.

What you should do:

As a client of Mytech, if you prefer a more aggressive security approach, Mytech can temporarily disable “Print Spooler” for all devices on your network. While this would completely prevent your organization from printing documents or using the “Print to PDF” function, it would also eliminate this vulnerability until Microsoft releases the new patch to address it. If this is an acceptable productivity cost for enhanced security, please contact your Mytech team to start this process.

If you have any specific concerns, please don't hesitate to let us know or ask us questions. We are monitoring this situation as it develops, and will notify you when additional action is warranted.

Share this post