CISA urges federal agencies to patch PrintNightmare flaw

The emergency directive comes after Microsoft security updates

The Cybersecurity and Infrastructure Security Agency (CISA) has told federal agencies to mitigate the Windows Print Spooler Service vulnerability, also known as PrintNightmare, that hackers are actively exploiting.

CISA issued the Emergency Directive 21-04 following Microsoft’s security updates that aim to fix the flaw in all supported versions of Windows.

The flaw enables hackers to remotely execute code with system-level privileges, allowing a threat actor to quickly compromise a targeted organization’s entire identity infrastructure. This compromise is possible because the Microsoft Print Spooler service improperly performs privileged file operations and fails to restrict access to functionality that allows users to add printers and related drivers. 

This, in turn, allows a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system.

CISA said it had validated various proofs of concept and was “concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated.”

The agency said the vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action.

“This determination is based on the current exploitation of this vulnerability by threat actors in the wild, the likelihood of further exploitation of the vulnerability, the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems,” CISA warned.

It said that all agencies must stop and disable the Print Spooler service on all Microsoft Active Directory (AD) Domain Controllers (DC) by 11:59 p.m. EDT on July 14. 

By 11:59 p.m. EDT on July 20, agencies must apply the July 2021 cumulative updates to all Windows Servers and Workstations. At the same time, all hosts running Windows operating systems must either stop and disable the Print Spooler service on the host and configure Point and Print Restrictions Group Policy settings or override all Point and Print Restrictions Group Policy settings to ensure only administrators can install printer drivers changing registry settings on all hosts.

Agencies must also ensure technical and/or management controls are in place to ensure newly provisioned or previously disconnected servers and workstations are updated before connecting to agency networks by July 20.

CISA said the emergency directive would remain in effect until all agencies running Windows have “performed all required actions from this directive or the directive is terminated through other appropriate action.”

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022