Microsoft PrintNightmare Attack - Your Windows PC is probably vulnerable. Here's what to do about it.
July 07, 2021
Threat Watch Windows PrintNightmare Microsoft Vulnerability
What the PrintNightmare Vulnerability Is
Leading into the July 4th weekend, security researchers inadvertently revealed code detailing what's called a "zero day" attack, usable by attackers to take over many Windows OS computers. Microsoft had patched a similar issue in a recent update, but the vulnerability allowing total system control was not fully resolved by that patch.
The vulnerability takes advantage of an issue with the "print spooling" service running by default on Windows computers that manages printers and print jobs. Even if you don't have a printer connected, this service still runs and is still vulnerable.
All computers running the Windows operating system that are accessible to the internet and have a weak or no firewall enabled are affected. All Windows operating systems are vulnerable, and exploitation of the vulnerability allows an attacker to easily install any program and extract private data.
Although the exploit requires the attacker to a) gain access to an account on your computer, and b) reach the print spooling service of Windows through your firewall, methods exist to make both of these requirements possible for relatively unsophisticated attackers.
UPDATED 7/7: Microsoft has released an emergency patch to fix this vulnerability. Use the Windows Update application on your computer to check for updates and install the ones released today. Given this is an "out of band" update, it likely is not going to be installed automatically for you immediately. We recommend performing this update ASAP.
Customers with the Computer Management Module Enabled
Current customers who have already rolled out our computer management module can email us at email@example.com or use the blue chat badge at the bottom-right of the page to request we perform the update be made across your computers automatically. A restart will be required! We'll confirm by email when completed.
Need more help?
Customer or not, our mission is to protect startups and small businesses. We're available via the blue chat badge in the bottom-right of the page, or by emailing firstname.lastname@example.org. If you want a security program that monitors for these types of threats, and keeps you protected against them and other, take a look at Havoc Shield.