Over the last 24 hours, a zero-day exploit leveraging a vulnerability in the Windows Print Spooler Service has been publicly published and acknowledged by Microsoft. The exploit, termed “PrintNightmare” (CVE-2021-1675) does not currently have a complete fix from Microsoft.
While the vulnerability leverages the print spooler process to enable a Remote Code Execution vulnerability, the risk extends beyond printing to the underlying operating system at the desktop and server level. Some security experts and teams are suggesting disabling of the Windows Print Spooler Service.The US Cybersecurity and Infrastructure Security Agency (CISA) is recommending that administrators disable the Windows Print spooler service in Domain Controllers and systems that do not print.
Many Pharos’ Blueprint and Uniprint customers leverage the Windows Print Spooler Service as a print file transport layer to the Blueprint and Uniprint job storage services. Disabling the Print Spooler Service for these customers and end user clients will result in print interruption.
However, we recommend that all customers follow the security precautions and recommendations of your IT Security teams.
As the Pharos Beacon cloud platform does not use the Windows Print Spooler, it is unaffected by the disabling of the Spooling Service on servers (though disabling it on desktops will prevent all print from Windows).
Clients who are unsure about whether they are relying on Windows Print Spooling or looking to reduce reliance on Windows Print Spooling should contact Pharos support for guidance and support.
In the meantime, Pharos will continue to monitor the PrintNightmare vulnerability and communicate to our partners and clients as the threat evolves and as the vulnerability is eliminated.