Update #7
The latest round of Microsoft patches along with the configuration settings to address the PrintNightmare vulnerability have been implemented across the environment. Testing indicates the exploits are blocked.
The spooler has been enabled on all systems that have been patched and where it is required.
There are a few systems that could not be completed during the maintenance window and the spooler remains disabled. If you experience any issues, please contact support for assistance.
Update #6
The latest round of Microsoft patches, along with the configuration settings to address the PrintNightmare vulnerability, have passed our sandbox testing.
Emergency maintenance windows will be communicated to complete the installation of the patches to minimize disruption and allow sufficient time to verify that necessary configuration is applied as expected.
Our target is to have the spooler enabled and systems back to normal operation, after completing the above remediation efforts, by July 9, 2021 9:00AM EDT.
Update #5
Microsoft has released additional patches as well as additional system configuration settings to address the PrintNightmare vulnerability.
OS33's Security team is currently evaluating and analyzing these new patches and system configurations to determine if these changes fully address the vulnerability.
OS33's Security team and Senior Engineers are engaged with Microsoft and industry resources to monitor any new developments regarding the PrintNightmare vulnerability.
Update #4
The patch released by Microsoft yesterday has been found not to fully address the PrintNightmare vulnerability. The mitigations that have been released to date (including the latest Microsoft patch) have been applied by OS33.
At this time there is no known workaround or solution to safely enable the spooler service or allow printing without putting data and systems at risk.
OS33's Security team and Senior Engineers are engaged with Microsoft and industry resources to monitor any new developments regarding the PrintNightmare vulnerability.
Update #3
Microsoft has updated its guidance on this vulnerability and has confirmed that it impacts "all versions of Windows" when the Windows Print Spooler service is enabled.
At this time there is no known workaround or solution to safely enable the spooler service or allow printing without putting data and systems at risk.
Microsoft has not provided an ETA for a patch at this time.
View @StanHacked for previous versions of the chart above.
OS33's Security team and Senior Engineers are engaged with Microsoft and industry resources to monitor any new developments regarding the PrintNightmare vulnerability.
Update #2
Testing determined that our proposed mitigation configuration and other published suggestions do not fully protect our servers from the PrintNightmare vulnerability.
At this time there is no known workaround or solution to safely enable the spooler service or allow printing without putting data and systems at risk.
OS33's Security team and Senior Engineers are engaged with Microsoft and industry resources to monitor any new developments regarding the PrintNightmare vulnerability.
Update #1
OS33's Security team and Senior Engineers are testing potential mitigation configurations. It will not be known whether these mitigations are viable until the testing is complete.
Therefore, we are unable to provide an ETA for the mitigation configurations. This is the top priority and OS33 is using all available resources to restore hosted printing as quickly and safely as possible.
Background Information
Cybersecurity experts have issued a high-level advisory on a Windows zero-day vulnerability named "PrintNightmare". The vulnerability is being characterized as a "remote code execution vulnerability" and is actively being exploited, according to Microsoft.
The Windows Print Spooler service (Spooler) could allow an attacker who successfully exploited this vulnerability to run malicious code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
PrintNightmare is a serious flaw that requires immediate action. The term "zero-day" means that the vulnerability has been confirmed and there is no patch available to mitigate the vulnerability. For more information on this vulnerability, visit cisa.gov.
Our Response
To protect customers, data, and systems, OS33 is following expert recommendations "to stop and disable the spooler service" on all hosted servers.
What Is the Impact of Stopping and Disabling the Spooler Service?
This will stop all printing functions in the hosted environment.
What If I Need to Print Something?
- Use "Save as PDF"
Many programs have a "Save as PDF" function that may be an alternative, if a PDF file can be used in place of a physical document.
- Print Locally
If you can access Workplace Drive locally on your device, printing from your local device can be another alternative.
OS33 is monitoring this issue closely due to the critical nature of the vulnerability and the impact to core business functions with hosted printing disabled. We will update this article as we learn more information.