PrintNightmare, Vulnerability Affecting Windows Print Spooler

Eleven years ago, an escalation-of-privilege bug in the Windows print spooler service was used in the Stuxnet attack, the notorious worm that destroyed enrichment centrifuges at an Iranian nuclear facility. Eleven years on, Microsoft’s print spooler is still plagued by multiple vulnerabilities.

Yesterday, proof-of-concept (PoC) exploit code was accidentally released for a previously unknown bug in the Microsoft print spooler service, now dubbed PrintNightmare. A successful exploit would allow a malicious actor to gain remote code execution on a computer or server running the print spooler service.

Since many IT administrators use print servers to host printers on a network, it is likely these servers are vulnerable. A malicious actor who successfully exploits this vulnerability could gain full administrative access to the network.

Microsoft has yet to release a patch. Elteni recommends disabling the print spooler service on any computers or servers that do not need it.
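One way to act on that recommendation at scale, as an added example that is not part of the original post: inventory the Spooler service over WinRM and disable it only on hosts that share no printers, flagging the rest for manual review. The host names are constructed placeholders, and the script assumes an administrative session with remoting enabled on the targets.

```powershell
# Added example (not from the original post). Host names are placeholders.
$Hosts = @('print-srv-01.example.local', 'app-srv-07.example.local')

# Collect spooler state and the number of shared printers on each host.
$report = Invoke-Command -ComputerName $Hosts -ScriptBlock {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    # Get-Printer comes from the PrintManagement module, which is absent on some SKUs.
    $shared = @()
    if (Get-Command Get-Printer -ErrorAction SilentlyContinue) {
        $shared = @(Get-Printer | Where-Object { $_.Shared })
    }
    [pscustomobject]@{
        SpoolerStatus  = if ($svc) { $svc.Status }    else { 'NotInstalled' }
        StartType      = if ($svc) { $svc.StartType } else { 'n/a' }
        SharedPrinters = $shared.Count
    }
}
$report | Select-Object PSComputerName, SpoolerStatus, StartType, SharedPrinters |
    Format-Table -AutoSize

# Disable the spooler where it is running but nothing is shared; hosts that do
# share printers need a human decision, so they are only reported.
foreach ($r in $report) {
    if ($r.SpoolerStatus -eq 'Running' -and $r.SharedPrinters -eq 0) {
        Invoke-Command -ComputerName $r.PSComputerName -ScriptBlock {
            Stop-Service -Name Spooler -Force
            Set-Service  -Name Spooler -StartupType Disabled
        }
        Write-Host "Disabled Spooler on $($r.PSComputerName)"
    } elseif ($r.SharedPrinters -gt 0) {
        Write-Warning "$($r.PSComputerName) shares $($r.SharedPrinters) printer(s); review before disabling"
    }
}
```

Re-run the inventory afterwards to confirm the start type reads Disabled, and keep the report as a record of which hosts still run the service.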

Firmware Flaw Found in Netgear DGN-2200v1 Routers

Microsoft researchers identified bugs in Netgear’s DGN-2200v1 routers that would allow attackers to bypass the authentication interface and gain access to the management pages. Attackers may also be able to retrieve the credentials saved on the device.

By compromising the device, attackers would be able to manipulate the network’s security posture.

Elteni recommends that anyone using Netgear DGN-2200v1 routers update them with the latest patches.

REvil Ransomware Now Targeting Linux Operating Systems

The REvil ransomware authors have updated their code to target VMware ESXi and network-attached storage (NAS) devices running the Linux operating system.

The new Linux version shares similarities with the Windows version, which has already impacted companies such as Acer.

Ensure that VMware ESXi and NAS devices running Linux are kept up to date, appropriately segmented and secured to prevent ransomware infection.