Press "Enter" to skip to content

Microsoft reveals active exploit against Print Spooler called PrintNightmare

Arguably bigger impact than the previous story, Microsoft has warned that there is an active exploit against all versions of Windows.  This targets the Windows Print Spooler with a vulnerability known as PrintNightmare.  

This can be mitigated by disabling the Print Spooler service, either locally or via Group Policy.   The CISA has also issued a notification on this issue.  

Microsoft has also warned of a critical .NET core remote code vulnerability issue in PowerShell 7.    Customers are urged to install PowerShell 7.0.6 and 7.1.3 as soon as possible.  

Why do we care?

There was a meme floating around that the fire of the Kaseya attack was bigger than the Microsoft one.    The Kaseya one may feel bigger to IT services companies and have a greater active price tag… but this Microsoft one has far greater reach.   

We care not to be overly distracted by one incident to ignore another.     The US military has a guiding principle of being able to handle two wars at the same time.   IT services companies should be asking themselves… how many fronts can I handle at the same time, and how do I prioritize?