Are you protected against the PrintNightmare exploit? (or CVE-2021-1675 to use its formal name)
Chris Foulstone
1st July 2021
What is CVE-2021-1675?
CVE-2021-1675 - it just rolls off the tongue doesn't it. The CVE part stands for "Common Vulnerabilities and Exposures" and all it means is someone has found a potential way to break into your IT systems, and it's been recorded in a central database to let others know to watch out for it.
But this one gets its own name - PrintNightmare - and rightly so, because it's a nasty one that has the potential to expose your confidential business data and leave your secure logins vulnerable.
How serious is PrintNightmare, and should I be worried about it?
It's serious. At the time of writing there is no official patch from Microsoft - the fix they released that was intended to address the issue has been confirmed to not work. To make matters worse, a detailed proof of concept has been published online, which is very helpful when it comes to creating a fix, but can also be effectively used as a how-to guide for would-be hackers.
So, whilst CVE exploits are fairly common, they're usually less severe and more quickly fixed than this one, which makes PrintNightmare deserving of its name. We've already seen evidence of businesses being compromised by this exploit, so this one is just about as serious and scary as they get.
Who is vulnerable to the PrintNightmare exploit?
The short answer: anyone who's running a Windows computer with printer sharing enabled. That covers most business environments, and a large percentage of home users too. The real target, however, is likely to be business domain controllers, with the exploit creating a path into the central hub of an organisation where the most damage can be done.
How can I protect myself against the PrintNightmare exploit?
At the time of writing there is still no official patch from Microsoft, but some of the good guys from the IT community have figured out a temporary fix that should prevent this particular exploit from being leveraged. Ensuring the script is run correctly and is suitable for your particular IT setup is a pretty technical procedure, so your best bet is to contact your IT company and ask them to do it.
Impelling have already applied an adaptation of this fix to our vulnerable customers and we are confident our efforts will keep our customers and their data safe when it comes to CVE-2021-1675. Having a team that's on top of the latest security news and able to action threats quickly is a huge advantage to outsourcing your IT. If you'd like to find out more about our IT services check out our Managed IT page, or feel free to get in touch.
If you're not an Impelling customer, and you're concerned about PrintNightmare, again, feel free to get in touch and our team will be happy to advise the best we can.