Security News > 2021 > July > CISA orders federal agencies to patch Windows PrintNightmare bug
A new emergency directive issued by the Cybersecurity and Infrastructure Security Agency orders federal agencies to mitigate the actively exploited Window Print Spooler vulnerability on their networks.
CISA issued the Emergency Directive 21-04 after Microsoft released security updates on Friday to address the vulnerability dubbed PrintNightmare in all supported Windows versions.
As CISA explained, the emergency actions required are a direct result of unacceptable risks to Federal Civilian Executive Branch agencies posed by PrintNightmare bug's exploitation in ongoing attacks.
"CISA has validated various proofs of concept and is concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated," CISA said.
While no federal civilian agencies are known to have experienced intrusions, this is a serious vulnerability which requires all agencies to take action.
Microsoft has clarified the PrintNightmare patch guidance and shared the steps required to correctly patch the critical vulnerability on Friday after multiple security researchers tagged the patches as incomplete.