ActionPoint Update: PrintNightmare

PrintNightmare

The Backstory 

At the end of June, two different research teams published information about CVE-2021-1675, a remote code execution (RCE) vulnerability in the Windows Print Spooler. The name PrintNightmare is being used to refer to the PoC and vulnerability interchangeably across several sources, though it remains unclear currently if this moniker was intended for the newly released patch bypass, additional Print Spooler vulnerabilities which sources claim exist or CVE-2021-1675.

Microsoft issued a statement, saying: “Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration. Microsoft has focused its efforts on making customer protections available as quickly as possible and our guidance has been updated as our understanding of the issue has evolved.”

Protecting Our Customers

On July 1, Microsoft released an advisory for CVE-2021-34527, the vulnerability known as PrintNightmare. This causes a weakness in the print spooler that could potentially result in an attack. Using ConnectWise Automate to lockdown the print spooler, the IT Services Desk at ActionPoint were able to lockdown this threat in a matter of hours to protect our customer base. A permanent patch is being rolled out via ConnectWise Automate to rectify the issue.

 

ActionPoint Update: Kaseya

Kaseya Ransomware

 The Backstory

According to Gizmodo.com, employees warned Kaseya’s leadership about critical security flaws in its software but their concerns were dismissed, former workers told Bloomberg. Several members of staff left the organisation in frustration or were fired after repeatedly sounding the alarm about failings in the IT firm’s cybersecurity practices. Now, Kaseya is paying the price, with more than 1,000 companies worldwide tangled in the attack.

Some of the largest security problems within Kaseya included outdated code, weak encryption and passwords in products, as well as the general failure to meet basic cybersecurity requirements including continuous patching of its software and servers, according to Bloomberg.

Protecting Our Customers

IT Management Software, Kaseya is at the centre of a massive ransomware attack, that has ensnared more than 1,000 companies worldwide. ConnectWise disabled Kaseya integrations and ConnectWise Automate patched to latest version (2021.6) evening of the publication – 2021.7 scheduled for 12th.

Protect your Business

With multiple high-profile ransomware attacks taking place globally, in business of all sizes, it has become more important than ever to protect your organisation. Learn more about our  Security Services, here. 

Share post

Ready to get started?

Contact us today and we can begin discussing your needs. We can quickly provide you with a sense of our approach, estimated costs and a top-level timeframe.

REQUEST A CALLBACK
ISO27001 Certification logo
Dell Platinum Partner Logo
Microsoft Partner logo
vm ware partner logo
Veeam partner logo
sophos-platinum-logo
Commvault Logo

Get our Company Brochure

Please enter your details to download our Company Brochure. We will also send a copy to your inbox.