ActionPoint Update: PrintNightmare
The Backstory
At the end of June, two different research teams published information, including proof-of-concept (PoC) exploit code, about CVE-2021-1675, a remote code execution (RCE) vulnerability in the Windows Print Spooler service. The name PrintNightmare is being used across several sources to refer to both the PoC and the vulnerability, and at the time it was unclear whether the moniker was meant for the bypass of the June patch, for additional Print Spooler vulnerabilities that some sources claim exist, or for CVE-2021-1675 itself.
Microsoft issued a statement, saying: “Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration. Microsoft has focused its efforts on making customer protections available as quickly as possible and our guidance has been updated as our understanding of the issue has evolved.”
Protecting Our Customers
On July 1, Microsoft released an advisory for CVE-2021-34527, the vulnerability now tracked as PrintNightmare. The flaw is in the Print Spooler service improperly performing privileged file operations, which lets an authenticated attacker run arbitrary code with SYSTEM privileges on any machine where the service is running, domain controllers included. Microsoft's interim workarounds were to stop and disable the Print Spooler service, or to disable inbound remote printing through Group Policy. Using ConnectWise Automate to push a Print Spooler lockdown across our estate, the IT Services Desk at ActionPoint was able to contain this threat in a matter of hours and protect our customer base. Microsoft's out-of-band security update, the permanent fix, is now being rolled out via ConnectWise Automate.
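The script below is an added example, not ActionPoint's ConnectWise Automate script or Microsoft's own tooling. It covers the two checks a practitioner would want after reading the Microsoft statement and the advisory: first, whether the host carries the insecure Point and Print registry configuration that all of Microsoft's investigated reports relied on (the values named in KB5005010), and second, whether the Print Spooler is still reachable, with functions that apply either of Microsoft's documented workarounds. The `RegisterSpoolerRemoteRpcEndPoint` value is what the Group Policy "Allow Print Spooler to accept client connections: Disabled" writes; the function names and the choice to wrap each step in its own function are this example's own. Run it elevated on the Windows host being audited, whatever tool delivers it.

```powershell
#Requires -RunAsAdministrator
# Added example (not from ActionPoint or Microsoft): audit Point and Print hardening,
# report Print Spooler exposure, and apply one of Microsoft's CVE-2021-34527 workarounds.

$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$PrintersPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'

function Test-PointAndPrintHardened {
    # KB5005010: both values must be 0 or not defined. A value of 1 on either one is the
    # "insecure configuration" Microsoft's statement refers to (no warning, no elevation
    # prompt when a non-admin installs a printer driver from a remote server).
    $report = [ordered]@{}
    foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
        $value = (Get-ItemProperty -Path $PointAndPrintKey -Name $name -ErrorAction SilentlyContinue).$name
        $report[$name] = if ($null -eq $value) { 'not defined (OK)' }
                         elseif ($value -eq 0)  { '0 (OK)' }
                         else                   { "$value (INSECURE)" }
    }
    [pscustomobject]$report
}

function Get-SpoolerExposure {
    # Is the service running, will it come back on reboot, and does it accept remote RPC clients?
    $svc = Get-Service -Name Spooler
    $remote = (Get-ItemProperty -Path $PrintersPolicyKey -Name RegisterSpoolerRemoteRpcEndPoint `
               -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint
    [pscustomobject]@{
        Status            = $svc.Status
        StartType         = $svc.StartType
        RemoteConnections = if ($remote -eq 2) { 'disabled (OK)' } else { 'enabled (inbound remote printing allowed)' }
    }
}

function Disable-PrintSpooler {
    # Workaround 1 from the advisory: stop and disable the service outright.
    # Side effect: the host can neither print nor act as a print server until re-enabled.
    # Appropriate for domain controllers and servers that never print.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
}

function Disable-InboundRemotePrinting {
    # Workaround 2 from the advisory: keep local printing, refuse remote client connections.
    # Equivalent to the GPO "Allow Print Spooler to accept client connections: Disabled".
    New-Item -Path $PrintersPolicyKey -Force | Out-Null
    Set-ItemProperty -Path $PrintersPolicyKey -Name RegisterSpoolerRemoteRpcEndPoint -Value 2 -Type DWord
    # The policy takes effect on the next service start.
    Restart-Service -Name Spooler -ErrorAction SilentlyContinue
}

# Audit first; the two objects below are what you would collect per host before deciding.
Test-PointAndPrintHardened | Format-List
Get-SpoolerExposure        | Format-List

# Then pick ONE workaround for the host's role (uncomment as appropriate):
# Disable-PrintSpooler            # domain controllers, servers that do not print
# Disable-InboundRemotePrinting   # workstations and servers that still need local printing
```

Keep the audit output even after the out-of-band update is installed: Microsoft's statement is that the patch works as designed only where Point and Print is not in the insecure configuration, so a host reporting `INSECURE` for either value still needs the registry corrected (or the policy that sets it removed) rather than just the patch.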
ActionPoint Update: Kaseya
The Backstory
According to Gizmodo.com, which cited Bloomberg's interviews with former workers, employees warned Kaseya's leadership about critical security flaws in its software, but their concerns were dismissed. Several members of staff left the organisation in frustration or were fired after repeatedly sounding the alarm about failings in the IT firm's cybersecurity practices. Now, Kaseya is paying the price, with more than 1,000 companies worldwide tangled in the attack.
Some of the largest security problems within Kaseya included outdated code, weak encryption and passwords in products, as well as the general failure to meet basic cybersecurity requirements including continuous patching of its software and servers, according to Bloomberg.