PrintNightmare: Windows Zero-Day Vulnerability Detected
A Windows® vulnerability was accidentally disclosed this week that allows a remote, authenticated attacker to run code with elevated rights on a machine with the Print Spooler service enabled and potentially take control of an affected system. This critical bug has been nicknamed “PrintNightmare.”
Despite some confusion that exists about this vulnerability, PrintNightmare is not addressed in the Windows patch that was launched on June 8, and a patch is currently not available to address PrintNightmare.
Windows systems – both workstations and servers – with the Windows Print Spooler service running are vulnerable. Generally, firewalls block public access to this service, however, systems on a firm’s internal network and accessible to vendors, guests, and staff are likely vulnerable. Someone with access to the internal network – including by using the VPN or other remote access to the network – might gain privileged access by exploiting this vulnerability.
ACA advises firms to follow the recommendations of the Cybersecurity & Infrastructure Security Agency (CISA) and disable the Windows Print spooler service in Domain Controllers and systems that do not print to protect organizations from this potential breach point.
How we help
ACA Aponix offers the following solutions that can help organizations enhance their cybersecurity: