08.07.2021 - UPDATE: There is currently a critical vulnerability in the print spooler of Microsoft systems. Microsoft has now made the first updates available. The NCSC recommends applying the patches immediately.
Patches available - Critical vulnerability affecting the Windows Print Spooler service of Microsoft systems
On 8 June 2021, Microsoft released information and updates concerning a vulnerability in the spooler (queue) used by Windows systems to process print jobs, as well as other security updates.
On 29 June 2021, exploit code relating to the aforementioned vulnerability was published. The exploit, known as PrintNightmare, exploits a previously unknown and unpatched vulnerability in the spooler service. Attacks on the spooler service therefore remain possible despite the updates provided by Microsoft in June.
The risk is particularly high because the spooler service is enabled by default on systems such as domain controllers. A compromised workstation can be used to gain control over print servers or domain controllers, for instance, and thus potentially over the entire network.
Microsoft recommends two approaches to mitigate the risk. Information can be found on its website: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527.
UPDATE:
On 7 July, Microsoft made the first updates available.
The NCSC recommends that you install them immediately and check and adjust the associated parameters according to the following instructions:
The NCSC recommends the following:
- On servers where the spooler service is not used, disable it completely or disable remote access, except on the print servers in use. Domain controllers and other critical servers in particular should be protected in this way.
- On print servers, set up appropriate monitoring.
- Also ensure that the servers that are accessible from the internet do not offer this service externally.
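One way to carry out the first recommendation across several servers, as an added example that is not part of the NCSC advisory: the function reports the state of the Print Spooler service (Windows service name `Spooler`) on each host and, only when `-Disable` is given, disables and stops it everywhere except on the listed print servers. The function name `Set-SpoolerHardening` and the host names are hypothetical; it assumes PowerShell remoting (WinRM) and administrative rights on the targets.

```powershell
# Added example (not from the NCSC advisory). Host names in the usage lines are constructed.
function Set-SpoolerHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string[]]$PrintServer = @(),  # hosts that must keep the spooler running
        [switch]$Disable               # without this switch the function only reports
    )
    foreach ($computer in $ComputerName) {
        try {
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" `
                -ComputerName $computer -ErrorAction Stop
        } catch {
            [pscustomobject]@{ Computer = $computer; State = 'Unknown'; StartMode = 'Unknown'
                               Action = "Query failed: $($_.Exception.Message)" }
            continue
        }
        if (-not $svc) {
            [pscustomobject]@{ Computer = $computer; State = 'Absent'; StartMode = 'Absent'
                               Action = 'None (no Spooler service)' }
            continue
        }
        # "Exposed" here means the service is running or could still be started.
        $exposed = $svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Disabled'
        $action = if ($exposed) { 'Review: spooler enabled on a non-print server' } else { 'None (already disabled)' }
        if ($PrintServer -contains $computer) {
            $action = 'Kept (print server): patch and monitor'
        } elseif ($exposed -and $Disable -and $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
            # Disable first so the service cannot be restarted, then stop it if it is running.
            $mode = (Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode `
                        -Arguments @{ StartMode = 'Disabled' }).ReturnValue
            $stop = 0
            if ($svc.State -ne 'Stopped') {
                $stop = (Invoke-CimMethod -InputObject $svc -MethodName StopService).ReturnValue
            }
            $action = if ($mode -eq 0 -and $stop -eq 0) { 'Disabled' } else { "Failed (mode=$mode, stop=$stop)" }
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" -ComputerName $computer
        }
        [pscustomobject]@{ Computer = $computer; State = $svc.State; StartMode = $svc.StartMode; Action = $action }
    }
}

# Report only:
#   Set-SpoolerHardening -ComputerName dc01.example.test, print01.example.test -PrintServer print01.example.test
# Apply after reviewing the report (add -WhatIf for a dry run):
#   Set-SpoolerHardening -ComputerName dc01.example.test -Disable
```

Disabling the service removes the ability to print on that host, both locally and remotely, so keep the report step separate from the change.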
As soon as a new Microsoft update is available, it should be checked and installed immediately.
Last modification 08.07.2021