PrintNightmare isn’t about a printer jam
Windows’ print spooler is an unpatched risk.
Do you remember the Microsoft Exchange vulnerability from a few months ago? The earliest attacks on it were detected approximately 12 minutes after the announcement that it existed. The reason was simple: the number of potential targets was in the hundreds of millions of computers, the attack was trivial, and devices were even directly accessible from the internet. Microsoft also had to patch a previous glitch in its print spooler in early June.
Unfortunately, that’s a scenario that’s potentially playing out again, although this situation isn’t quite as bad. The problem again involves the Windows print spooler which, unsurprisingly, controls how you print documents. Most print services aren’t accessible directly from the internet. However, they also aren’t strongly protected. After all, what’s the worst that could happen? A bad guy might print a bunch of garbage and use up your ink, right?
Well, no. This particular vulnerability allows an attacker to arbitrarily execute code remotely with system-level privileges. That’s a fancy way of saying they can make the print spooling service do anything from printing to opening a webpage to changing your root administrator password. Clearly these are things you shouldn’t be able to do with a piece of code that’s only meant to print information, and changing your root administrator password is far more dangerous than a few NSFW pics showing up in your print tray. Hence, the vulnerability has been dubbed “PrintNightmare.”
Fortunately, as I mentioned earlier, the situation doesn’t appear to be as bad as before (although there is currently no patch). That’s because this vulnerability only affects domain controllers, which are important to the smooth operation of your network. Domain controllers also aren’t nearly as common, so PrintNightmare doesn’t have the same potential attack base. However, domain controllers’ importance also means that many system administrators don’t like to risk downtime by installing potentially faulty updates, so they’re often behind their update schedule. As regular readers hopefully know, updates are always critical to your cyber security. Even though this one hasn’t been patched yet, you can still track the error using Microsoft’s guide on their security resource centre to be ready as soon as the patch is.
The tragic icing on top of this un-delicious cyber-cake? It wasn’t even the bad guys who revealed the exploit. A team of cyber security researchers from the Chinese tech company Sangfor created a proof-of-concept for this hack and accidentally released it prior to scheduled distribution at a cyber security conference. Unfortunately, by the time they noticed their error, it was too late and their code had already been forked off of GitHub.
Clearly, sometimes new fronts in the war on cybercrime open up where you least expect them. That’s why, for this week’s Shakespearean advice, I feel like taking a line from Henry V that we’ve all likely heard before: “Once more into the breach, dear friends”.
If you have any questions about PrintNightmare, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind, Courtesy of Your Friendly Neighbourhood Cyber-Man.