PrintNightmare vulnerability prompts CISA to order federal agencies to patch Windows computers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to start immediately acting against a newly revealed Microsoft Windows vulnerability known as “PrintNightmare.”

CISA issued an emergency directive Tuesday requiring all federal civilian executive branch agencies to disable the “print spooler” service on their Windows computers by midnight Wednesday.

Agencies covered by the directive then have a full week to apply new security patches to all Windows servers and workstations. Each must submit  by July 21 a report to CISA attesting completion of the work.

The printer spool vulnerability affects every version of Windows, Microsoft‘s flagship operating systems, and can be exploited by attackers in a way that allows them to remotely execute arbitrary code

Microsoft has warned that a hacker who successfully exploits the bug can conduct such activity as remote installation of malicious software and viewing or deleting sensitive data.

“CISA is concerned that exploitation of this vulnerability may lead to full system compromise of affected agency networks if left unmitigated,” the agency said in a news release announcing the directive.

“While no federal civilian agencies are known to have experienced intrusions, this is a serious vulnerability which requires all agencies to take action,” CISA added in a Twitter posting about its order.

Microsoft first publicly acknowledged the printer spool bug July 1, and it released a security patch for it on July 6. It also recommends all users install the appropriate updates immediately.

Details about the bug first became public several days earlier when security researchers at Sangfor Technologies published online their analysis of what they called the “PrintNightmare” vulnerability.

Sangford a global IT vendor headquartered in China, later said that its researchers accidentally published their “PrintNightmare” analysis on the false assumption Microsoft had issued the patch already.

“We would like to reassure everyone that an honest mistake was made and quickly corrected,” Sangfor said in a statement Friday.

Four days later, CISA said it was aware of the “PrintNightmare” vulnerability being actively exploited by threatening actors and accordingly ordered the agencies to patch their systems appropriately.

“Since this exploitation was identified, CISA has been engaged with Microsoft and federal civilian agencies to assess potential risk to federal agencies and critical infrastructure,” said Eric Goldstein, CISA‘s executive assistant director for cybersecurity. “CISA‘s mission is to protect the nation against cybersecurity threats, and this directive reflects our determination to require emergency action for exploitations that pose an unacceptable risk to the federal civilian enterprise. We will continue to actively monitor exploitation of this vulnerability and provide additional guidance, as appropriate.”

CISA issued the emergency order the same day Jen Easterly was sworn in as its new director. She succeeds former acting CISA director Brandon Wales, who led the agency after its first director, Christopher Krebs, was fired by then-President Trump in November for rejecting his unproven claims of election fraud.

Sign up for Daily Newsletters

Share this post