Security News > 2021 > July > CISA Issues Emergency Directive to Address 'PrintNightmare' Vulnerability
CISA says multiple threat actors are exploiting the Windows 'PrintNightmare' vulnerability.
The United States Cybersecurity and Infrastructure Security Agency on Tuesday issued Emergency Directive 21-04, which requires all federal agencies to apply the available patches for the recently disclosed Microsoft Print Spooler service vulnerability within one week.
The agency warns that the vulnerability has been actively exploited by multiple threat actors.
An operational component under the Department of Homeland Security, CISA on Tuesday informed federal agencies that they should apply the patches that Microsoft released for PrintNightmare by July 20, 2021, and that they should immediately disable the Print Spooler service on all Active Directory Domain Controllers.
"CISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action. This determination is based on the current exploitation of this vulnerability by threat actors in the wild, the likelihood of further exploitation of the vulnerability, the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems," the agency notes.
With Emergency Directive 21-04, federal agencies are also required to either stop and disable the Print Spooler service on Windows hosts, or change Point and Print Restrictions Group Policy settings and policies to ensure that warnings are displayed upon unauthorized access attempts.
News URL
Related news
- CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)