PrintNightmare - The Exploit that Almost Took Over the World

You may have heard about a recently discovered vulnerability Microsoft themselves dubbed “PrintNightmare.”

If you’re familiar with the state of cybersecurity and cybercrime today, by this point, news about this exploit is old hat. Every version of Windows, going back to Windows XP has received a patch that fixes this vulnerability, including WindowsServer versions.

Since the patches are out, and the vulnerability is taken care of, there’s nothing more to worry about — everything is done and dusted, right?

Possibly. Or, this could be a new norm for cybercriminals — focusing on discovering highly-dangerous and equally-exploitable vulnerabilities to wreak maximum havoc. We’re going to cover why this is a legitimate worry, but first, let’s revisit what occurred earlier this month.

BACKING-UP THE HISTORY OF PRINTNIGHTMARE

PrintNightmare, as mentioned above, was named by Microsoft itself. Luckily, Microsoft’s own security team discovered this exploit. This may be why the name of the exploit is so forthcoming in its description — cybercriminals tend to favor names that serve to annoy as much as their namesake damages networks. Hence the forever-referenced “wannacry” attacks.

If cybercriminals had found this exploit first, it could have been one of the most damaging cyberattacks in the history of the internet. Why? Because of the machinations behind PrintNightmare’s exploit.

PrintNightmare was a vulnerability that left Windows print spoolers open to attack. Before the story of PrintNightmare broke, anyone who wasn’t in IT had most likely never heard of a print spooler, due to its ubiquitous and behind-the-scenes nature. A print spooler acts as the middleman between your computer and the printer it is printing to; without them, a Windows run OS is unable to do any form of printing.

Print spoolers are what IT professionals refer to as “legacy systems,” due to their longevity of implementation. Print spoolers have enabled printing for Windows systems for decades now, and there was very little need for Microsoft to update the code that makes them work, because they still do exactly what they need to do — talk to printers on behalf of your computer.

In short, every Windows OS uses a print spooler. They come enabled by default with other Windows Services.

When left open to intrusion, the PrintNightmare exploit could be used to gain permission to admin-level systems within the computer or server being attacked, meaning any intrusion could, in one simple step, lead to your entire network being compromised, your IT staff locked out, and forcibly handing over control of your entire business to cybercriminals.

This exploit was so severe and potentially dangerous, Microsoft wasted no time in waiting to patch it up. Microsoft sent out a patch for all Windows systems before their regularly scheduled bi-monthly updates, and soon after sent out another patch for older Windows OSs and Servers.

ARE WE STILL VULNERABLE?

First things first — if you are even questioning if you have downloaded the patch for your version of Windows, you can do so here.

The patch does fix the problem, but it is a battle won in an on-going war. Fortunately, this exploit was discovered by Microsoft’s own security team — if they hadn’t, the exploit could very well have been used to hack Microsoft’s own systems, effectively preventing them from fixing the vulnerability. The worst-case scenario could have been a take-over of any networked Windows system in the world.

The question is, how many other legacy systems are open to exploit? Operating Systems are not coded from the ground up with every update, and like print spoolers, there are many processes running in the background, essential to tasks and functions, that are decades old.

How long until a cybercriminal discovers one of these exploits?

Microsoft definitely made the right choice in alerting the world to this exploit, especially with their fast-acting patch — but the media coverage of PrintNightmare alerted cybercriminals to the Swiss-cheese of legacy systems most operating systems are built on, if they weren’t already aware.

The question now is…

WHAT DO WE DO ABOUT IT?

Again, if you haven’t patched for PrintNightmare, do so now. Secondly, absolutely stay up to date on your system updates and patches.

If you are a system administrator and want to make sure your Window's print environment is secure and stable, visit this link to find patch and update instructions from Microsoft's Knowledge Base.

Third, and most importantly, train your employees on security awareness practices. Your employees are the most effective tool you have in defending against intrusion. They are also the weakest link in your network’s defense.

By training your employees about the dangers they face every time they open their laptop, or look at their phone, you can create cybersecurity-practitioners, rather than hosting potential marks on your network.

To learn more about security awareness training, watch a recording of our live event, Security Series: Social Engineering, or reach out to our Managed IT team for answers to specific questions.