Microsoft advises customers to disable printing until cyber vulnerability fixed

Jul 02, 2021 - 01:42 PM
Cybersecurity Lock on Gold Wall

The Computer Emergency Response Team Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University, this week reported a critical remote code execution vulnerability impacting the Windows Print Spooler service that allows a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system. Until Microsoft fixes the PrintNightmare vulnerability, for which the exploit code is publicly available, the company advises customers to disable printing services where possible.
 
John Riggi, AHA's senior advisor for cybersecurity and risk, said, “This critical vulnerability has the potential to be highly disruptive for hospitals and health systems. Simply disabling print services in hospitals and health systems is not an option as we have already heard from multiple sources in the field. Printing services are used for everything from printing patient identification wristbands to labels for IV medications. Continuing essential patient care services must be balanced with the potential for remote exploitation of this vulnerability. We anxiously await further information and updated patches from Microsoft. The AHA has been in contact with multiple government agencies and will continue to closely monitor the situation and advise the field.”

For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org.

 

Related News Articles

Headline
AHA, FBI release resource on behavioral threat assessment and management
The AHA Feb. 9 released a series of behavioral threat assessment and management resources developed in partnership with the FBI’s Behavioral Analysis Unit-1.…
Headline
AHA podcast: The FBI’s Campaign Against Cyberthreats Part 1
John Riggi, AHA national advisor for cybersecurity and risk, talks with Brett Leatherman, FBI assistant director, Cyber Division, and Gretchen Burrier, FBI…
Headline
Open-source text program Notepad++ impacted by critical vulnerability
The National Institute of Standards and Technology Feb. 2 published details on a critical vulnerability that impacted Notepad++, a free, open-source text and…
Headline
FBI launches campaign to protect hospitals, other critical infrastructure against cyberattacks
The FBI has launched a two-month campaign, Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense), highlighting 10 actions…
Headline
Guides offer strategies on preparing for public health emergencies, cybersecurity incidents 
Two AHA guides offer strategies for hospitals and health systems in preparing for public health emergencies and disasters and managing cybersecurity incidents…
Headline
AHA podcast: Cybersecurity on the Health Care Front Lines Against AI and Ransomware
Larry Pierce, director of cybersecurity and information security officer for Atlantic Health, unpacks how the growth of artificial intelligence is reshaping…