‘PrintNightmare’ vulnerability prompts CISA to order federal agencies


The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to take immediate action against the emerging Microsoft Windows vulnerability known as “PrintNightmare”.

CISA issued an emergency directive Tuesday requiring all federal civilian agencies to disable the “print spooler” service on Windows computers by midnight Wednesday.

Agencies covered by the directive have a full week to apply new security patches to all Windows servers and workstations. Each must submit a report confirming completion of these steps to CISA by July 21.

The print spooler vulnerability affects every version of Windows, Microsoft’s flagship operating system, and can be exploited by attackers to execute arbitrary code remotely.

Microsoft warned that a hacker who successfully exploited the bug could perform activities such as remotely installing malware and viewing or deleting sensitive data.

“CISA is concerned that exploitation of this vulnerability could lead to full-system compromise of affected agency networks if not mitigated,” the agency said in a news release announcing the directive.

“While no federal civilian agency is known to have suffered intrusions, this is a serious vulnerability that requires action from all agencies,” CISA said in a Twitter post about the order.

Microsoft first acknowledged the print spooler bug on July 1 and released a security patch for it on July 6. It also recommends that all users install the appropriate updates immediately.

Details about the bug first surfaced a few days ago when security researchers at Sangfor Technologies posted online their analysis of what they’re calling the “PrintNightmare” vulnerability.

Sangfor, a global IT vendor headquartered in China, later said its researchers had mistakenly published the “PrintNightmare” analysis on the false assumption that Microsoft had already released the patch.

“We want to reassure everyone that an honest mistake was made and quickly corrected,” Sangfor said on Friday.

Four days later, CISA said it was aware that the “PrintNightmare” vulnerability was being actively exploited by threat actors and accordingly ordered agencies to fix their systems.

“Since this exploit was discovered, CISA has been working with Microsoft and federal civilian agencies to assess potential risks to federal agencies and critical infrastructure,” said Eric Goldstein, CISA’s deputy director of cybersecurity. “CISA’s mission is to protect the country from cybersecurity threats, and this directive reflects our determination to seek urgent action for abuses that pose an unacceptable risk to federal civilian enterprise. We will continue to actively monitor exploitation of this vulnerability and provide additional guidance when appropriate.”

CISA issued the emergency directive the day Jen Easterly was sworn in as its new director. She replaces former CISA director Brandon Wales, who ran the agency after Christopher Krebs, the first director of CISA, was fired by Trump in November for rejecting unproven allegations of election fraud.
