New Windows Vulnerability Is A Nightmare For Businesses

PrintNightmare vulnerability is a nightmare for businesses | Cybersecurity & Data Protection | Ohio CPA Firm

Insight Into Microsoft’s ‘PrintNightmare’ Vulnerability

Rea & Associates’ cybersecurity & data protection services team is working to provide ongoing information regarding the Windows Print Spooler vulnerability, “PrintNightmare.”

This public proof-of-concept exploit code shows remote code execution is possible and leads to SYSTEM privileges on compromised systems. Initial reports suggested this exploit code was related to CVE-2021-1675. Microsoft released a patch for CVE-2021-0675 on June 8, 2021. Microsoft has since announced a new CVE for this exploit (CVE-2021-34527) and notes it’s a separate vulnerability from the one patched on June 8.


Check out the video below to hear Lamarcus Crowders interview Paul Hugenberg, a leader on Rea’s cyber team, about the PrintNightmare vulnerability on Rea Live.

Protect Your Business From PrintNightmare

Here are some important key points and recommendations. Note: As of July 6, a patch was released to protect consumers from PrintNightmare. Click here to find out if the appropriate patch has been installed on your computer.

  • The public exploit code works even against fully patched systems (including the Microsoft patch for CVE-2021-1675 released on June 8).
  • Exploitation requires authenticated user access.
  • The Printer Spooler service is enabled by default on all Windows Server installations outside of Windows Server Core and is the vulnerable service for this exploit.
  • It’s recommended that the Print Spooler service be disabled on all Windows Systems where it is not necessary.Check out this insight from the Cybersecurity & Infrastructure Secruity Agency
  • Those NOT protected by existing endpoint behavioral detections, which would detect if attackers are attempting to leverage this exploit, should contact us immediately to discuss protection options.
  • Rea’s Cyber team is in the process of working with our technology partners to stay on top of new detections. Specifically detections related to this vulnerability.
  • We will continue to monitor the situation and will send additional information as necessary. Updates will include any news of updated patches from Microsoft.
  • Microsoft is expected to release an out-of-band (OOB) patch for this vulnerability.

Not The First, Won’t Be The Last

The Print Spooler exploit is further evidence why both robust defensive technologies along with capable cybersecurity expertise are critical to keeping businesses safe. We are here to help. If you suspect malicious behavior or fraudulent network activity, reach out to cyber.services@reacpa.com.

By Shawn Richardson, director of cybersecurity and data protection services (Wooster CPA Firm)

Looking for additional insight from Rea’s cybersecurity and data protection services team, check out these resources:

[PODCAST] Is Your Business Putting National Security At Risk?

[ON-DEMAND WEBINAR] Managed Service Providers Vs. Managed Security Service Providers: How Do They Differ?

[ARTICLE] Perspectives: What Does The IT Department Do?