Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

CISA Orders Agencies to Patch Microsoft ‘PrintNightmare’ Vulnerability

The flaw—which Microsoft said affects all versions of Windows—could allow an adversary to execute code on their victim’s system remotely.  

The Cybersecurity and Infrastructure Security Agency instructed federal agencies to disable Microsoft Windows’ Print Spooler service before midnight on Wednesday to avoid network compromise. 

“CISA has become aware of active exploitation, by multiple threat actors, of a vulnerability (CVE-2021-34527) in the Microsoft Windows Print Spooler service,” reads the emergency directive CISA issued Tuesday. “Exploitation of the vulnerability allows an attacker to remotely execute code with system level privileges enabling a threat actor to quickly compromise the entire identity infrastructure of a targeted organization. CISA has validated various proofs of concept and is concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated.”

After stopping and disabling the service by 11:59 p.m. on July 14, agencies will have one week—until 11:59 p.m. on July 20—to apply cumulative updates from this month to all Windows servers and workstations, according to the directive. 

Microsoft acknowledged the vulnerability on July 1 and noted that all versions of Windows are vulnerable to exploitation called “PrintNightmare.” On July 7, the company issued a security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607.

CISA also gives agencies some options for mitigating the vulnerability, including properly adjusting access configurations to provide an alert when privileges are escalated. But by the end of the week, agencies must ensure appropriate controls are in place before reconnecting the service to agency networks.

CISA said it will work with cloud service providers approved under the Federal Risk and Authorization Management Program, known as FedRAMP, to coordinate the response. However, agencies are ultimately responsible for tracking their third-party relationships and reporting their compliance with the directive whether their providers are FedRAMP approved or not. One exception is “if the affected third-party service provider is another federal entity, the provider agency itself is responsible for reporting status to CISA and the customer agency does not have any further reporting obligation,” CISA said.

CISA said it would provide technical assistance to agencies not capable of complying with the directive and report to the secretary of Homeland Security and the director of the Office of Management and Budget on outstanding issues related to the directive by September 15.

Source: https://www.nextgov.com/cybersecurity/2021/07/cisa-orders-agencies-patch-microsoft-printnightmare-vulnerability/183745/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

How a cornerstone cybersecurity program has evolved from information collection to active defense. The Cybersecurity and Infrastructure Security Agency has used its Continuous Diagnostics...

Cyber Security

Cybercriminals are increasingly leveraging extreme weather events to launch attacks on critical infrastructure sectors. Cybersecurity experts say critical infrastructure operators can leverage a set...

Cyber Security

A new report says a cyber threat actor within Russia’s military intelligence service leveraged a novel malware campaign targeting Android devices used by the...

Cyber Security

Malware leveraging flaws in edge routers has been spying on military contracting websites, according to research from Lumen’s Black Lotus Labs. Malware leveraging flaws...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO