Microsoft Releases Security Updates for ‘PrintNightmare’ Cybersecurity Vulnerability

AHA Cybersecurity Advisory
July 7, 2021

Cybersecurity & Infrastructure Security Agency encourages users to review Microsoft updates and apply them

Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability — known as PrintNightmare (CVE-2021-34527) — in the Windows Print spooler service. The Computer Emergency Response Team Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University, last week reported a critical RCE vulnerability impacting the Windows Print Spooler service that allows a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system.

The updates are cumulative and contain all previous fixes, as well as protections for CVE-2021-1675. The updates do not include Windows 10 version 1607, Windows Server 2012 or Windows Server 2016 — Microsoft states updates for these versions are forthcoming. According to CERT/CC, “the Microsoft update for CVE-2021-34527 only appears to address the Remote Code Execution (RCE via SMB and RPC) variants of the PrintNightmare, and not the Local Privilege Escalation (LPE) variant.” See CERT/CC Vulnerability Note VU #383432 for workarounds for the LPE variant.

The Cybersecurity & Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft security updates as well as CERT/CC Vulnerability Note VU #383432 and apply the necessary updates or workarounds. For additional background, see CISA’s initial communication.

WHAT YOU CAN DO

Hospital and health system leaders are encouraged to ensure that their information technology, information security and clinical engineering teams are aware of the above information and are taking appropriate recommended action.

FURTHER QUESTIONS

For more information on these or other related issues, contact John Riggi, AHA’s senior advisor for cybersecurity and risk advisory services, at jriggi@aha.org.

Related Resources

Letter/Comment
Public
The American Hospital Association (AHA) writes in support of the Protecting and Transforming Cyber Health Care (PATCH) Act (S.3983). AHA and its members are…
AHA Center for Health Innovation Market Scan
Health care is under attack as never before from cybercriminals, and the stakes are rising for hospitals and patient safety. The latest potential threat: The…
Advancing Health Podcast
Public
Over the past few years every leader of health care organization in the country has had to acknowledge the threat of a cyberattack that has the potential to…
Advancing Health Podcast
Public
In this special Cybersecurity podcast we have the opportunity to talk to leaders of an AHA member hospital who was a victim of a major ransomware attack in the…
Letter/Comment
Public
AHA letter to Senators Jack Rosen and Bill Cassidy, M.D. voicing support of the Healthcare Cybersecurity Act (S.3904).
Advisory
Public
President Biden today urged an immediate hardening of private-sector cyber defenses “based on evolving intelligence that the Russian Government is exploring…