HC3 TLP White Alert: PrintNightmare, Windows Print Spooler Service Vulnerability (Update 1) - July 15, 2021

Executive Summary

PrintNightmare is the name given to a critical remote code execution vulnerability in the Windows Print spooler service. Attackers can take advantage of this vulnerability to gain control of affected systems.

Cybersecurity and Infrastructure Security Agency (CISA) advises all organizations follow Microsoft’s guidance for CVE-2021-34527 and also implement Microsoft’s best practice from January 11, 2021.

CISA and Microsoft are continually updating information relating to this vulnerability.

Report

CISA - PrintNightmare, Critical Windows Print Spooler Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability

Impact to HPH Sector

This vulnerability affects organizations both within andhttps://cyber.dhs.gov/ed/21-04/ without the HPH Sector and has the potential to cause widespread harm. Please remain informed on updates to this vulnerability as new information is reported.

References

Microsoft - CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

Microsoft - Security assessment: Domain controllers with Print spooler service available (best practice)
https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-print-spooler

CISA - Emergency Directive 21-04 - Mitigate Windows Print Spooler Service Vulnerability
https://cyber.dhs.gov/ed/21-04/

Contact Information
If you have any additional questions, please contact us at HC3@hhs.gov.

Related Resources

Advancing Health Podcast
Public
America’s hospitals and health systems are at risks of attacks that threaten the bio-economy. How do these threats affect patients and citizens and what we can…
Fact Sheets
It is imperative that Congress invest in America’s hospitals and health systems to ensure that the nation’s health care needs can be met today and into the…
Letter/Comment
The American Hospital Association (AHA) would like to share hospital and health system priorities that would benefit patients and communities around the…
Advancing Health Podcast
Public
On this AHA Advancing Health podcast, John Riggi, AHA senior advisor for cybersecurity and risk, speaks with his former FBI colleague Mike Orlando, acting…
Advisory
Public
Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability — known as PrintNightmare (CVE-2021-34527) — in the…
Advancing Health Podcast
Public
Hospitals and health systems have frequently been the target of high-impact ransomware attacks. In this podcast, John Riggi, AHA senior advisor for…