The Cybersecurity and Infrastructure Security Agency late Tuesday ordered federal agencies to disable the Microsoft Windows Print Spooler service because of an alarming flaw that could allow attackers to take over systems remotely.
CISA, part of the Department of Homeland Security, gave agencies until midnight Wednesday to disable the service in response to the so-called “PrintNightmare” bug. Its “emergency directive” also ordered agencies to implement Microsoft security updates by July 20.
The PrintNightmare issue has given Microsoft fits for weeks. The company issued a patch last week that some security pros said didn’t work properly. On Tuesday, Microsoft issued another Print Spooler fix as part of its latest “Patch Tuesday” update, which also included fixes for 13 “critical vulnerabilities” and four under active attack.
“CISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action,” CISA said in its Print Spooler emergency directive. “This determination is based on the current exploitation of this vulnerability by threat actors in the wild, the likelihood of further exploitation of the vulnerability, the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems.”
The agency said it “has validated various proofs of concept and is concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated.”
CISA also is working with the General Services Administration’s Federal Risk and Authorization Management Program, which sets security standards for federal agencies’ cloud providers, to coordinate with those companies.
Some security experts suggested CISA should’ve acted more quickly.
CISA finally issued an emergency directive to do stuff with these vulns. https://t.co/k0JF0sQ6cm
— Kevin Beaumont (@GossiTheDog) July 13, 2021
This is good advice for everyone, not just for executive agencies. https://t.co/2HDqRdI0LA
— Pwn All The Things (@pwnallthethings) July 14, 2021
It’s the second Microsoft emergency directive CISA has issued this year, following an order for agencies to address Microsoft Exchange Server vulnerabilities. It came on the same day the agency swore in its new director, Jen Easterly.