By Need

Optimize IT Environments for Cost, Efficiency, and Security

Managed solutions that lower TCO while increasing your ROI

Security Programs

Enterprise wide security programs & zero trust

Hybrid Cloud Environments

Secure, scalable, and optimized

Modern Networks

The crucial foundation of business

Anytime Secure Access

Combining productivity and security

Innovation Velocity

Improved developer experiences

Managed Carrier Services

High performance and cost effective

Staff Augmentation

Strategic IT talent on-demand

View All Needs

By Industry

Finance & Banking

Stay ahead of today’s rapid change

Healthcare & Life Sciences

Improve lives with modern solutions

Business Services

Create efficiencies for sustained success

Public Sector

Serve the community with technology

Manufacturing

Unlock efficiencies for Industry 4.0

Retail

Get closer to customers

View All Industries

By Function

IT & Operations

Support your strategic vision

Engineering & Development

Enhance your developer experience

Finance & Procurement

Optimize for cost and security

Product Management

Make your vision a reality

HR

Focus on your people

View All Functional Areas
Managed Services

Remove the complexity of daily IT maintenance and focus on business growth

Cybersecurity & Risk Management

Secure business processes without sacrificing employee productivity

Cloud

Accelerate digital transformation while optimizing for cost

Carrier Services

Simplify and centralize complex business communication systems

Modern Workspace

Empower employees to work from anywhere on any device

Networking

Connect traditional environments to new secure cloud possibilities

Datacenter Modernization

Adapt to a hyperscaled cloud-first IT environment

Resource Management

Find the talent to drive your critical initiatives forward with confidence

View All Services

Learn

Knowledge Center
Events & Webinars
Blog
News

FEatured Resource

Cybersecurity & Risk Management 9 min read

Protecting the Digital Break Room: Collaboration Security for Microsoft Teams

By Jeremy Bello
Partners

Company

About Blue Mantis
News
Leadership
Awards
Philanthropy
Careers

FEatured News

4 min read

A Year of Transformation Produces Strong Tailwinds for Blue Mantis in 2024

By Josh Dinneen
Let’s Meet
All Blog Posts
Datacenter Modernization

"PrintNightmare” Microsoft Zero Day in Print Spooler

By Randy Becker July 1, 2021

What We Know
On June 29, 2021, a Proof-of-Concept (PoC) exploit code was published on GitHub for a vulnerability related to (CVE-2021-1675) in the Microsoft Print Spooler (spoolsv.exe)–the process that manages printing services. This vulnerability has been given the nickname of “PrintNightmare.” 

Although Microsoft released an update in early June 2021 as part of the updates in patch Tuesday, it does not look like this update protects against the PoC code. As this is PoC exploit, it appears to work and is being referred to as a Zero-Day exploit.

It’s important to note that the exploit does require a user login and password or a password hash to work which could be used by adversaries for use with phishing to get an elevation of privilege.

No Known Fix; Recommended Workaround
Because there is currently no known fix, the recommended workaround is to disable the print spooler service on Domain Controllers and systems that do not print.
Yesterday CISA released a VulNote for this vulnerability.  

What you should do if you are running Microsoft Windows systems 7 and higher and have the Print Spooler service enabled:

Test and evaluate the impact of these changes.
• Follow proper change control and backout procedures.
• Disable the Print Spooler service wherever possible, especially on publicly exposed devices. Note that you should follow the recommended approaches from Microsoft so that the service is not brought back on inadvertently.
• If you cannot disable the Print Spooler service, limit network access to those devices as strictly as you can, especially on publicly exposed devices.
• Apply the relevant patches, if applicable, at the earliest opportunity once they have been made available.

“Assume the Breach”
In this era of ransomware, it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account. Assume The Breach: this vulnerability allows for elevation of privilege and we will expect it to be used by adversaries.

Additional practices you should always follow: 
• Follow proper change control process
• Test your changes and patches before rolling into production
• Ensure you have immutable backups of all systems; that way if the worst happens you have a method of recovering.

If you need help with this security threat, please reach out to your GreenPages Account Manager or reach out to us.

Randy Becker.

Randy Becker

Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation. Randy is also a HITRUST Certified CSF Practitioner (CCSFP) which ensures clients have access to the highest level of expertise related to privacy, security, compliance, and risk management.

Recent Blog Posts

View All Posts
Cybersecurity & Risk Management 6 min read

The CrowdStrike Incident and Windows Crash: What to do and How to fix it

By Pete Harris
Managed Services 6 min read

Focus on Growth with Blue Mantis Managed Services

By Geoff Smith
Carrier Services 7 min read

3 Reasons Why Your Business Needs 5G-Connected Laptops

By Kurt Karshick