HC3 TLP White Alert: PrintNightmare, Windows Print Spooler Service Vulnerability (Update 1) - July 15, 2021

Executive Summary

PrintNightmare is the name given to a critical remote code execution vulnerability in the Windows Print spooler service. Attackers can take advantage of this vulnerability to gain control of affected systems.

Cybersecurity and Infrastructure Security Agency (CISA) advises all organizations follow Microsoft’s guidance for CVE-2021-34527 and also implement Microsoft’s best practice from January 11, 2021.

CISA and Microsoft are continually updating information relating to this vulnerability.

Report

CISA - PrintNightmare, Critical Windows Print Spooler Vulnerability

Impact to HPH Sector

This vulnerability affects organizations both within and without the HPH Sector and has the potential to cause widespread harm. Please remain informed on updates to this vulnerability as new information is reported.

References

Microsoft - CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability

Microsoft - Security assessment: Domain controllers with Print spooler service available (best practice)

CISA - Emergency Directive 21-04 - Mitigate Windows Print Spooler Service Vulnerability

Contact Information
If you have any additional questions, please contact us at HC3@hhs.gov.

Key Resources

Related Resources

Advancing Health Podcast
Leadership Dialogue Series: Cybersecurity and the Fight to Safeguard Health Care
Public
Leadership Rounds
Leadership Dialogue
Public
Special Bulletin
UPDATE: AHA and Health-ISAC Threat Advisory: FBI Advises No Specific Credible Threat Targeting Hospitals
Public
Special Bulletin
AHA and Health-ISAC Bulletin on Threat to Hospitals
Member
AHA Center for Health Innovation Market Scan
Rural Hospitals Move to Enhance Cybersecurity
Advancing Health Podcast
Critical Condition: Cybersecurity in Rural Hospitals with Microsoft Part 2