Update - CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability

Further Update to https://status.pulsant.com/incidents/lg7s23dsrrc8

Microsoft have now released an out-of-band update for all supported Windows clients (KB5004958) and server operating systems. They have recommended that these are applied without delay, prioritizing any devices that currently host the print spooler service.

After applying the above update, consideration should be given to restricting installation of new printer drivers by non-administrators (see link to KB5005010, below).

For clients who manage their own infrastructure, Pulsant advise that they follow the Microsoft security advisories (see links below).

External Links:

https://support.microsoft.com/en-us/topic/july-6-2021-kb5004958-security-only-update-out-of-band-d439df52-8f5a-4cb8-9d0d-c2f1bb036a5e

https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Jul 7, 15:06 BST
Identified - CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability

Synopsis:

Further to Pulsant Incident Report dated Jul 01, 2021 – 20:46 BST - CVE-2021-1675 - https://status.pulsant.com/incidents/k0t5lyhxjnx7

Microsoft has released CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability. This relates to the vulnerability publicly known as “PrintNightmare” and, although similar to CVE-2021-1675, is being treated as distinct by Microsoft.

Nature of the Threat:

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attack must involve an authenticated user calling RpcAddPrinterDriverEx().

Level of Threat:

Microsoft is aware of an instance of this vulnerability being exploited. As such, customers who have reviewed the security update and determined its applicability within their environment should treat this with the highest priority.

Impacted Systems:

All Windows Operating Systems

Remediation Advice:

Microsoft continue to work upon an effective patch and in lieu of this have provided advice on workarounds. Clients who require the assistance of Pulsant to perform workarounds are asked to submit a request and acknowledge the risk that the Microsoft recommended workaround may impact the ability to print both locally and remotely.

For clients who manage their own infrastructure, Pulsant's advice remains as per the previous update: disable the Print Spooler service on all Windows Operating Systems where it is unnecessary, especially critical infrastructure, e.g. Domain Controllers and Data Servers. Microsoft provides details of workarounds on their MSRC page; see link below.

External Links:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Jul 5, 15:53 BST
Identified - Windows Print Spooler Remote Code Execution (RCE) Vulnerability - CVE-2021-1675

Synopsis:

Within the June 2021 security updates, Microsoft released a patch to address a Print Spooler vulnerability (now known as PrintNightmare). However, it has recently been determined that this patch will not address the cause of the vulnerability and therefore the application of the patch itself cannot be deemed to fully remediate.

Nature of the Threat:

As the Print Spooler operates with SYSTEM privileges, an attacker could exploit the PrintNightmare vulnerability to obtain SYSTEM privileges and execute arbitrary code at the system level.

At the time of this advisory, there is known to be at least one proof-of-concept exploit for the PrintNightmare vulnerability; more are likely to follow. There is no indication of a weaponised exploit.

Impacted Systems:

All Windows Operating Systems

Remediation Advice:

Microsoft are expected to release a further patch, but that is not anticipated prior to 12th July 21.

Pulsant have considered actions in relation to mitigating this threat and will work with clients to initiate activities in a coordinated effort to communicate and minimise any operational impact.

Pulsant recommends that all clients who manage their own infrastructure should disable the Print Spooler service from all Windows Operating Systems where it is unnecessary, especially critical infrastructure e.g. Domain Controllers and Data Servers.
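For clients checking their own hosts, the following added example (not Pulsant's or Microsoft's code) is a read-only audit of the two mitigations named in these updates: the Print Spooler service state and the Point and Print driver-installation restriction from KB5005010. The function name and output fields are assumptions made for illustration; the registry value names are those given in Microsoft's published guidance for CVE-2021-34527.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Get-PrintSpoolerExposure and its output fields are illustrative names.
function Get-PrintSpoolerExposure {
    [CmdletBinding()]
    param()

    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

    # Read one policy value; $null means the value is not configured.
    function Read-PolicyValue([string]$Name) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name } else { $null }
    }

    $svc       = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $restrict  = Read-PolicyValue 'RestrictDriverInstallationToAdministrators'
    $noWarn    = Read-PolicyValue 'NoWarningNoElevationOnInstall'
    $updPrompt = Read-PolicyValue 'UpdatePromptSettings'

    $findings = @()
    if ($svc -and $svc.Status -eq 'Running') {
        $findings += 'Spooler is running: confirm this host needs to print.'
    }
    if ($svc -and $svc.StartType -ne 'Disabled') {
        $findings += "Spooler start type is $($svc.StartType), not Disabled."
    }
    # KB5005010: a value of 1 limits printer driver installation to administrators.
    if ($restrict -ne 1) {
        $findings += 'RestrictDriverInstallationToAdministrators is not set to 1.'
    }
    # Microsoft's guidance: these two must be 0 or not defined.
    if ($null -ne $noWarn -and $noWarn -ne 0) {
        $findings += "NoWarningNoElevationOnInstall is $noWarn (should be 0 or unset)."
    }
    if ($null -ne $updPrompt -and $updPrompt -ne 0) {
        $findings += "UpdatePromptSettings is $updPrompt (should be 0 or unset)."
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        SpoolerStatus  = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        SpoolerStart   = if ($svc) { [string]$svc.StartType } else { $null }
        RestrictDriver = $restrict
        Findings       = $findings
    }
}

Get-PrintSpoolerExposure | Format-List
```

An empty `Findings` list on a host that does not need to print means the spooler is stopped and disabled and the Point and Print policy values match the guidance; on a print server, the two spooler findings are expected and the registry findings are the ones to act on.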

External Links:
CVE-2021-1675 - Security Update Guide - Microsoft - Windows Print Spooler Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

PrintNightmare vulnerability: what to do – Sophos News
https://news.sophos.com/en-us/2021/07/01/printnightmare-vulnerability-what-to-do/
Jul 1, 20:46 BST
