Microsoft advises customers to disable printing until cyber vulnerability fixed

Jul 02, 2021 - 01:42 PM
Cybersecurity Lock on Gold Wall

The Computer Emergency Response Team Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University, this week reported a critical remote code execution vulnerability impacting the Windows Print Spooler service that allows a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system. Until Microsoft fixes the PrintNightmare vulnerability, for which the exploit code is publicly available, the company advises customers to disable printing services where possible.
 
John Riggi, AHA's senior advisor for cybersecurity and risk, said, “This critical vulnerability has the potential to be highly disruptive for hospitals and health systems. Simply disabling print services in hospitals and health systems is not an option as we have already heard from multiple sources in the field. Printing services are used for everything from printing patient identification wristbands to labels for IV medications. Continuing essential patient care services must be balanced with the potential for remote exploitation of this vulnerability. We anxiously await further information and updated patches from Microsoft. The AHA has been in contact with multiple government agencies and will continue to closely monitor the situation and advise the field.”

For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org.

 

Related News Articles

Headline
Agencies issue advisory on updated tactics by Play ransomware group
The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre June 4 released an advisory on updated actions and tactics used…
Headline
Agencies release guidance on AI data security 
The National Security Agency, Cybersecurity and Infrastructure Security Agency and international partners May 22 released guidance on securing data used for…
Headline
Russian state-sponsored cyber actors targeting tech companies, others 
The FBI, along with the National Security Agency and other international cybersecurity agencies, this week released a joint agency advisory on cyber operations…
Headline
FBI warns of cyber actors exploiting end-of-life routers
The FBI's Internet Crime Complaint Center released an alert May 7 warning of cyber actors exploiting vulnerabilities in end-of-life routers. Routers dated 2010…
Headline
FBI warns of malicious text, voice-messaging campaign impersonating senior U.S. officials
The FBI’s Internet Criminal Complaint Center May 15 released an alert warning of a malicious text and voice messaging campaign involving impersonators…
Headline
AHA blog — 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025 
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, examines the state of cyber and physical threats in 2025 as…