My Pulsant
Update - CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability
Further Update to https://status.pulsant.com/incidents/lg7s23dsrrc8
Microsoft have now released an out-of-band update for all supported Windows clients KB5004958 and server operating systems. They have recommended that these are applied without delay, prioritizing any devices that currently host the print spooler service.
After applying the above update, consideration should be given to restricting installation of new printer drivers by non-administrators (see link to KB5005010, below).
For clients who manage their own infrastructure, Pulsant advise that they follow the Microsoft security advisories (see links below).
External Links:
https://support.microsoft.com/en-us/topic/july-6-2021-kb5004958-security-only-update-out-of-band-d439df52-8f5a-4cb8-9d0d-c2f1bb036a5e
https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Jul 7, 15:06 BST
Further Update to https://status.pulsant.com/incidents/lg7s23dsrrc8
Microsoft have now released an out-of-band update for all supported Windows clients KB5004958 and server operating systems. They have recommended that these are applied without delay, prioritizing any devices that currently host the print spooler service.
After applying the above update, consideration should be given to restricting installation of new printer drivers by non-administrators (see link to KB5005010, below).
For clients who manage their own infrastructure, Pulsant advise that they follow the Microsoft security advisories (see links below).
External Links:
https://support.microsoft.com/en-us/topic/july-6-2021-kb5004958-security-only-update-out-of-band-d439df52-8f5a-4cb8-9d0d-c2f1bb036a5e
https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Jul 7, 15:06 BST
Identified - CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability
Synopsis:
Further to Pulsant Incident Report dated Jul 01, 2021 – 20:46 BST - CVE-2021-1675 - https://status.pulsant.com/incidents/k0t5lyhxjnx7
Microsoft has released CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability. This relates to the vulnerability publicly known as “PrintNightmare” and although similar to CVE 2021-1675 should is being treated as distinct by Microsoft.
Nature of the Threat:
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attack must involve an authenticated user calling RpcAddPrinterDriverEx().
Level of Threat:
Microsoft is aware of an instance of this vulnerability being exploited. As such, customers who have reviewed the security update and determined its applicability within their environment should treat this with the highest priority.
Impacted Systems:
All Windows Operating Systems
Remediation Advice:
Microsoft continue to work upon an effective patch and in lieu of this have provided advice on workarounds. Clients who require the assistance of Pulsant to perform workarounds are asked to submit a request and acknowledge the risk that the Microsoft recommended workaround may impact the ability to print both locally and remotely.
For clients who manage their own infrastructure, Pulsant advice remains as per previous update; Disable the Print Spooler service from all Windows Operating Systems where it is unnecessary, especially critical infrastructure e.g. Domain Controllers and Data Servers. Microsoft provides details for workarounds on their MSRC page, see link below.
External Links:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Jul 5, 15:53 BST
Synopsis:
Further to Pulsant Incident Report dated Jul 01, 2021 – 20:46 BST - CVE-2021-1675 - https://status.pulsant.com/incidents/k0t5lyhxjnx7
Microsoft has released CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability. This relates to the vulnerability publicly known as “PrintNightmare” and although similar to CVE 2021-1675 should is being treated as distinct by Microsoft.
Nature of the Threat:
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attack must involve an authenticated user calling RpcAddPrinterDriverEx().
Level of Threat:
Microsoft is aware of an instance of this vulnerability being exploited. As such, customers who have reviewed the security update and determined its applicability within their environment should treat this with the highest priority.
Impacted Systems:
All Windows Operating Systems
Remediation Advice:
Microsoft continue to work upon an effective patch and in lieu of this have provided advice on workarounds. Clients who require the assistance of Pulsant to perform workarounds are asked to submit a request and acknowledge the risk that the Microsoft recommended workaround may impact the ability to print both locally and remotely.
For clients who manage their own infrastructure, Pulsant advice remains as per previous update; Disable the Print Spooler service from all Windows Operating Systems where it is unnecessary, especially critical infrastructure e.g. Domain Controllers and Data Servers. Microsoft provides details for workarounds on their MSRC page, see link below.
External Links:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Jul 5, 15:53 BST
Identified - Windows Print Spooler Remote Code Execution (RCE) Vulnerability - CVE-2021-1675
Synopsis:
Within the June 2021 security updates, Microsoft released a patch to address a Print Spooler vulnerability (now known as PrintNightmare). However, it has recently been determined that this patch will not address the cause of the vulnerability and therefore the application of the patch itself cannot be deemed to fully remediate.
Nature of the Threat:
As the Print Spooler operates with SYSTEM privileges, an attacker could exploit the PrintNightmare vulnerability to obtain systems privileges and execute arbitrary code at the system level.
At the time of this advisory, there are known to be at least one proof-of-concept to exploit the PrintNightmare vulnerability, more are likely to follow. There is no indication of a weaponised exploit.
Impacted Systems:
All Windows Operating Systems
Remediation Advice:
Microsoft are expected to release a further patch, but that is not anticipated prior to 12th July 21.
Pulsant have considered actions in relation to mitigating this threat and will work with client to initiate activities in a coordinated effort to communicate and minimise any operational impact.
Pulsant recommends that all clients who manage their own infrastructure should disable the Print Spooler service from all Windows Operating Systems where it is unnecessary, especially critical infrastructure e.g. Domain Controllers and Data Servers.
External Links:
CVE-2021-1675 - Security Update Guide - Microsoft - Windows Print Spooler Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
PrintNightmare vulnerability: what to do – Sophos News
https://news.sophos.com/en-us/2021/07/01/printnightmare-vulnerability-what-to-do/
Jul 1, 20:46 BST
Synopsis:
Within the June 2021 security updates, Microsoft released a patch to address a Print Spooler vulnerability (now known as PrintNightmare). However, it has recently been determined that this patch will not address the cause of the vulnerability and therefore the application of the patch itself cannot be deemed to fully remediate.
Nature of the Threat:
As the Print Spooler operates with SYSTEM privileges, an attacker could exploit the PrintNightmare vulnerability to obtain systems privileges and execute arbitrary code at the system level.
At the time of this advisory, there are known to be at least one proof-of-concept to exploit the PrintNightmare vulnerability, more are likely to follow. There is no indication of a weaponised exploit.
Impacted Systems:
All Windows Operating Systems
Remediation Advice:
Microsoft are expected to release a further patch, but that is not anticipated prior to 12th July 21.
Pulsant have considered actions in relation to mitigating this threat and will work with client to initiate activities in a coordinated effort to communicate and minimise any operational impact.
Pulsant recommends that all clients who manage their own infrastructure should disable the Print Spooler service from all Windows Operating Systems where it is unnecessary, especially critical infrastructure e.g. Domain Controllers and Data Servers.
External Links:
CVE-2021-1675 - Security Update Guide - Microsoft - Windows Print Spooler Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
PrintNightmare vulnerability: what to do – Sophos News
https://news.sophos.com/en-us/2021/07/01/printnightmare-vulnerability-what-to-do/
Jul 1, 20:46 BST
About This Site
We are the UK’s leading colocation and cloud infrastructure provider.
We provide colocation and cloud infrastructure services from our 10 regional data centres, including integration and management of public cloud, with a core focus on availability, security and connectivity.
Business Continuity
Operational
Cloud Backup (Asigra) Edinburgh
Operational
Cloud Backup (Asigra) Milton Keynes
Operational
Cloud Backup (Asigra) Newcastle
Operational
Cloud Backup (Asigra) Reading
Operational
Cloud Backup (Veeam) Edinburgh
Operational
Cloud Backup (Veeam) Milton Keynes
Operational
Disaster Recovery
Operational
Data Centre Services
Operational
Edinburgh Medway
Operational
Edinburgh Newbridge
Operational
Edinburgh South Gyle
Operational
Glasgow
Operational
Maidenhead
Operational
Milton Keynes
Operational
Newcastle Central
Operational
Newcastle East
Operational
Reading
Operational
Sheffield
Operational
South London
Operational
Managed Cloud
Operational
Azure
Operational
AWS
Operational
Cloud Storage Edinburgh
Operational
Cloud Storage Milton Keynes
Operational
Cloud Storage Newcastle Central
Operational
Cloud Storage Newcastle East
Operational
Cloud Storage Reading
Operational
Managed Office 365
Operational
Pulsant Enterprise Cloud (PEC) Edinburgh
Operational
Pulsant Enterprise Cloud (PEC) Milton Keynes
Operational
Pulsant Enterprise Cloud (PEC) Newcastle Central
Operational
Pulsant Enterprise Cloud (PEC) Newcastle East
Operational
Pulsant Enterprise Cloud (PEC) Reading
Operational
Cloud Desktop Milton Keynes
Operational
Cloud Desktop Edinburgh
Operational
Email Security Services
Operational
Managed Networks
Operational
Cloud Connect
Operational
Maidenhead
Operational
Medway
Operational
Milton Keynes
Operational
Newcastle
Operational
Newbridge
Operational
Reading
Operational
South Gyle
Operational
South London
Operational
South Yorkshire
Operational
Leased Lines
Operational
xDSL Services
Operational
IP Transit
Operational
Data Centre Failover
Operational
Content Delivery Network (CDN)
Operational
Cloud Fabric
Operational
Data Centre Connect
Operational
Metro Connect
Operational
Optical Connect
Operational
Managed Security
Operational
Cloud Protect
Operational
DDoS Protect
Operational
Threat Intelligence Alert
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.