‘PrintNightmare’ exploited in the wild

Microsoft’s run of bad luck continues, as Bleeping Computer and CrowdStrike report that PrintNightmare (CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) is being actively exploited in ransomware attacks.

Hackers’ ransomware demands often put extreme financial pressure on companies, so these widespread vulnerabilities are of particular concern for companies with important digital assets and poorly maintained networks or systems.

Given Windows’ reliance on legacy code, a complete rebuild of printing services seems unlikely, meaning companies are stuck with patches which simply don’t work.

Until an effective patch is published, we recommend disabling the Windows Print Spooler service where possible, and closely monitoring network usage for suspicious traffic. These exploits highlight the critical importance of implementing and maintaining good baseline security measures, and limiting users’ unauthorised use of machines.
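As an added example (not from Bleeping Computer, CrowdStrike or Microsoft), the PowerShell function below applies the Print Spooler recommendation to a single host: it reports the service state, leaves the host alone if it is sharing printers unless told otherwise, and then stops and disables the service. The function name and the `-Force` switch are hypothetical; run it from an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: disable the Print Spooler on hosts that do not serve printers.
# Disable-PrintSpoolerIfUnused and -Force are hypothetical names for this sketch.
function Disable-PrintSpoolerIfUnused {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Disable even when shared printers are present (operator decision).
        [switch]$Force
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        Write-Warning 'Spooler service not found on this host.'
        return
    }

    # Shared printers suggest the host is a print server. Get-Printer needs the
    # spooler running, so it is only queried in that state.
    $shared = @()
    if ($svc.State -eq 'Running') {
        $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared)
    }

    if ($shared.Count -gt 0 -and -not $Force) {
        Write-Warning ("{0} shared printer(s) found; spooler left unchanged." -f $shared.Count)
    }
    elseif ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        # Stopping the service ends all printing on this host, local and remote.
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        Set-Service -Name Spooler -StartupType Disabled
    }

    # Report the resulting state so the change can be logged or audited.
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        State          = $after.State
        StartMode      = $after.StartMode
        SharedPrinters = $shared.Count
    }
}

# Preview the change without applying it:
Disable-PrintSpoolerIfUnused -WhatIf
```

Re-enabling is the reverse: set the startup type back to `Automatic` with `Set-Service` and start the service.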

You can read more here at Bleeping Computer and CrowdStrike. As best you can, stay secure.