PrintNightmare: Windows Zero-Day Vulnerability Detected

Publish Date

Type

Cyber Alert

Topics
  • Cybersecurity

A Windows® vulnerability was accidentally disclosed this week that allows a remote, authenticated attacker to run code with elevated rights on a machine with the Print Spooler service enabled and potentially take control of an affected system. This critical bug has been nicknamed “PrintNightmare.”  

Despite some confusion that exists about this vulnerability, PrintNightmare is not addressed in the Windows patch that was launched on June 8, and a patch is currently not available to address PrintNightmare.  

ACA guidance 

Windows systems – both workstations and servers – with the Windows Print Spooler service running are vulnerable.  Generally, firewalls block public access to this service,  however, systems on a firm’s internal network and accessible to vendors, guests, and staff are likely vulnerable.  Someone with access to the internal network – including by using the VPN or other remote access to the network – might gain privileged access by exploiting this vulnerability. 

ACA advises firms to follow the recommendations of the Cybersecurity & Infrastructure Security Agency (CISA) and disable the Windows Print spooler service in Domain Controllers and systems that do not print to protect organizations from this potential breach point.  

How we help 

ACA Aponix offers the following solutions that can help organizations enhance their cybersecurity: 

Download our Aponix Protect™ cybersecurity solution brochure. 
 
If you have any questions, please contact your ACA Aponix consultant or contact our cyber team