A day after Microsoft released more updates for the Windows vulnerabilities known as “PrintNightmare,” the tech giant has issued another report on a Windows Print Spooler vulnerability.
Kelly Yeh, president of Chantilly, Va.-based Microsoft partner Phalanx Technology Group, told CRN in an interview that the ongoing struggle to patch Windows Print Spooler is a real-world example of why many Microsoft customers should move more processes to the cloud.
“This is going to be the first of many exploits that probably come out,” Yeh said. “That exploit [PrintNightmare] is actually a pretty big exploit, from what we were reading it can do.”
The latest discovery is a remote code execution vulnerability that arises when Windows Print Spooler improperly performs privileged file operations. Hackers could exploit the vulnerability to install programs, create new accounts with full user rights and even view, change or delete data.
“The workaround for this vulnerability is stopping and disabling the Print Spooler service,” according to the Microsoft disclosure Wednesday.
The disclosure continued: “We are developing a security update. Solutions to verified security issues are normally released via our monthly Update Tuesday cadence.”
In response to CRN questions about this latest vulnerability, a Microsoft spokesperson said in an email: “We are aware of the report and are investigating. An interim workaround is described here.”
Yeh said that the vulnerability comes at a time when businesses are trying to return to the office and on-premises servers haven’t been patched and rebooted in some time. While he wishes Microsoft had patched all versions of the server immediately to avoid multiple security updates, Yeh has been turning off vulnerable servers to avoid the vulnerability.
“We as MSPs were scrambling to turn all the print services off,” Yeh said. “We then had to remap everybody directly to the printers, so that we didn’t have to have print servers. And even then, having that service running on the workstations also made the workstations vulnerable. So it was kind of chaotic.”
The incident has led to more conversations around why clients need to adopt more cloud products and services. Microsoft’s SharePoint in Microsoft 365, for example, has version control, automatic protection from ransomware, multi-factor implementation and data-loss prevention, Yeh said. Azure has security features to protect legacy systems.
His recommendation to end users is to constantly reassess networks and systems and incrementally refresh and upgrade applications and systems.
“If you’ve got an old legacy accounting system sitting on a 2008 server somewhere, a 2003 server somewhere, you can’t even update that server -- let alone protect it,” Yeh said. “If you wait to be the last person to do the migration, you’re going to pay the most money.”