Following the release of a U.S. Cybersecurity & Infrastructure Security Agency (US-CERT)  Coordination Center VulNote “for a critical remote code execution vulnerability in the Windows Print spooler services” on June 30, 2021, Microsoft issued new guidance for the vulnerability (CVE-2021-34527) on July 1, updated guidance on July 2, 2021, and an emergency patch on July 6, 2021.

According to US-CERT, the “update does not address the public exploits that also identify as CVE-2021-1675.” US-CERT has confirmed that “an attacker can exploit this vulnerability-nicknamed PrintNighmare-to take control of an affected system.”

What to do about the Windows Print Spooler vulnerability?

According to CISA, “CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print. Additionally, “domain controllers and Active Directory admin systems need to have the Print spooler service disabled. The recommended way to do this is using a Group Policy Object.”

Security researchers are urging that the patch be deployed as soon as possible, since the vulnerability is being actively exploited in the wild, and the vulnerability can take over a Windows domain controller. Although the Kaseya security incident is receiving the bulk of media attention, this vulnerability could affect many more businesses that use Windows.

According to Microsoft, the patch will provide additional security for the enabling of print software. It stated in a recent blog post that, “After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.”

Consider this patch a priority if using Windows. It was so urgent, that the emergency patch was issued by Microsoft a week before its normal monthly software updates.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.