Government

CISA orders agencies to disable Microsoft Print Spooler in response to ‘PrintNightmare’ flaw

The bug has given Microsoft fits for weeks, and now CISA is requiring federal agencies to take action.

July 14, 2021

(Getty Images)

The Cybersecurity and Infrastructure Security Agency late Tuesday ordered federal agencies to disable the Microsoft Windows Print Spooler service because of an alarming flaw that could allow attackers to take over systems remotely.

CISA, part of the Department of Homeland Security, gave agencies until midnight Wednesday to disable the service in response to the so-called “PrintNightmare” bug. Its “emergency directive” also ordered agencies to implement Microsoft security updates by July 20.

The PrintNightmare issue has given Microsoft fits for weeks. It issued a patch last week that some security pros said didn’t work properly. On Tuesday, Microsoft issued another Print Spooler fix as part of its “Patch Tuesday” update, the latest of which also included answers for 13 “critical vulnerabilities” and four under active attack.

“CISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action,” CISA said in its PrintSpooler emergency directive. “This determination is based on the current exploitation of this vulnerability by threat actors in the wild, the likelihood of further exploitation of the vulnerability, the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems.”

The agency said it “has validated various proofs of concept and is concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated.”

CISA also is working with the General Services Administration’s Federal Risk and Authorization Management Program, which sets security standards for federal agencies’ cloud providers, to coordinate with those companies.

Some security experts suggested CISA should’ve acted more quickly.

https://twitter.com/GossiTheDog/status/1415097060802678785

Others said CISA’s emergency directive might offer a message for the private sector to get on the ball.

https://twitter.com/pwnallthethings/status/1415100679513911298

It’s the second Microsoft emergency directive CISA has issued this year, following an order for agencies to address Microsoft Exchange Server vulnerabilities. It came on the same day the agency swore in its new director, Jen Easterly.

CISA orders agencies to disable Microsoft Print Spooler in response to ‘PrintNightmare’ flaw

More Like This

Democratic operative behind Biden AI robocall says lawsuit won’t ‘get anywhere’

Proposed data broker regulations draw industry pushback on anonymized data exceptions, bulk thresholds

FCC wants rules for ‘most important part of the internet you’ve probably never heard of’

Top Stories

Iranian nationals charged with hacking U.S. companies, Treasury and State departments

More Scoops

CISA emergency directive tells agencies to fix credentials after Microsoft breach

Federal government affected by Russian breach of Microsoft

Training days: How officials are using AI to prepare election workers for voting chaos

CISA needs better workforce planning to handle operational technology risks, GAO says

CISA: No credible election threats, and no contact with social media companies

Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns

Microsoft rolls out expanded logging six months after Chinese breach

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics