Microsoft PrintNightmare Vulnerability
Public 0-day exploit allows domain takeover
A remote code execution vulnerability exists in Windows OS when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft is encouraging customers to either "Disable the Print Spooler service" or "Disable inbound remote printing through Group Policy".
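The two mitigations Microsoft named above can be audited and applied from an elevated PowerShell session. The script below is an added example written for this page; it is not FortiGuard's or Microsoft's code. It assumes that the Group Policy setting "Allow Print Spooler to accept client connections" is backed by the registry value RegisterSpoolerRemoteRpcEndPoint under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers (2 = disabled), which the page itself does not state, and it makes its own choice to fully disable the service on domain controllers while only blocking inbound remote printing elsewhere.

```powershell
# Added example (not from the page or from Microsoft): audit a Windows host for Print Spooler
# exposure and apply one of the two mitigations the page quotes from Microsoft.
# Run in an elevated PowerShell session (PowerShell 5.1 or later).

# Assumption: the policy "Allow Print Spooler to accept client connections" is stored here.
$PolicyPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyValue = 'RegisterSpoolerRemoteRpcEndPoint'   # 2 = do not accept remote client connections

function Get-SpoolerExposure {
    # Collect the facts a defender needs: is the service running, will it come back at boot,
    # is inbound remote printing already blocked by policy, and is this host a domain controller?
    $svc    = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $remote = (Get-ItemProperty -Path $PolicyPath -Name $PolicyValue -ErrorAction SilentlyContinue).$PolicyValue
    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        SpoolerStatus          = if ($svc) { $svc.Status.ToString() }    else { 'NotInstalled' }
        SpoolerStartType       = if ($svc) { $svc.StartType.ToString() } else { 'NotInstalled' }
        RemotePrintingDisabled = ($remote -eq 2)
        # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
        IsDomainController     = ((Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -ge 4)
    }
}

function Disable-PrintSpooler {
    # Mitigation 1: "Disable the Print Spooler service". The host loses all printing,
    # local and remote, and the service stays down across reboots.
    Stop-Service -Name Spooler -Force -ErrorAction Stop
    Set-Service  -Name Spooler -StartupType Disabled
}

function Disable-InboundRemotePrinting {
    # Mitigation 2: "Disable inbound remote printing through Group Policy". Local printing
    # keeps working; the spooler stops accepting remote client connections. The policy is
    # written directly to the registry here (assumption: same effect as setting it via GPO).
    if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
    New-ItemProperty -Path $PolicyPath -Name $PolicyValue -Value 2 -PropertyType DWord -Force | Out-Null
    # The spooler reads the policy at start-up, so restart it for the change to take effect.
    Restart-Service -Name Spooler -ErrorAction SilentlyContinue
}

# Audit first, then remediate only hosts that are actually exposed.
$state = Get-SpoolerExposure
$state | Format-List

if ($state.SpoolerStatus -eq 'Running') {
    if ($state.IsDomainController) {
        # This example's own choice: a DC rarely needs to print, so take the stronger option.
        Disable-PrintSpooler
    } elseif (-not $state.RemotePrintingDisabled) {
        Disable-InboundRemotePrinting
    }
    # Show the post-change state so the run leaves an auditable record.
    Get-SpoolerExposure | Format-List
}
```

Running the audit function alone (without the remediation block) across a fleet gives a quick inventory of which hosts still have a running, remotely reachable spooler, which is the population that needs either mitigation or the patch listed in the timeline below.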
Common Vulnerabilities and Exposures
Background
On June 30, it was disclosed that the technical details and a proof-of-concept (PoC) exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that allows remote code execution. Despite the need for authentication, the severity of the issue is critical as threat actors can use it to take over a Windows domain server to easily deploy malware across a company’s network. The issue affects Windows Print Spooler and the researchers named it PrintNightmare.
Threat Radar Overall Score: 3.8
CVSS Rating | 8.0
FortiRecon Score | 92/100
Known Exploited | Yes
Exploit Prediction Score | 96.73%
FortiGuard Telemetry | 7
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
June 30 - Initial details emerge -
https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/
March 15, 2022 - CISA reported that Russian state-sponsored hackers have exploited this vulnerability in combination with default Multi-Factor Authentication protocols to gain access to cloud and email accounts for document exfiltration -
https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
July 7, 2021 - Full patch / fix released -
https://www.bleepingcomputer.com/news/security/microsoft-printnightmare-now-patched-on-all-windows-versions/
July 6, 2021 - Microsoft released a security patch (found later to be a partial fix) -
https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare
July 2, 2021 - Microsoft is investigating the vulnerability and has assigned it a CVE -
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Decoy VM: Detect activities on exploitation of the Print Spooler vulnerability.
- Vulnerability: Detects vulnerable endpoints and triggers auto-patching.
- IPS: Detect activities on exploitation of the Print Spooler vulnerability.
- Outbreak Detection
- Threat Hunting
- Assisted Response Services: Experts to assist you with analysis, containment and response activities. (FortiRecon: ACI)
- Automated Response: Services that can automatically respond to this outbreak. (FortiClient Forensics)
- NOC/SOC Training: Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.
- End-User Training: Raise security awareness among your employees, who are continuously being targeted by phishing, drive-by download and other forms of cyberattacks. (FortiPhish)
- Vulnerability Management: Reduce the attack surface on software vulnerabilities via systematic and automated patching.
- Attack Surface Hardening: Check Security Fabric devices to build actionable configuration recommendations and key indicators.
- Inventory Management: Check Security Fabric devices to build actionable configuration recommendations and key indicators. (IoT and OT Detection)
- Business Reputation: Know attackers' next move to protect your business branding. (FortiRecon: EASM, FortiRecon: BP)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Indicators of compromise
Mitre Matrix
References
Sources of information in support and relation to this Outbreak and vendor.