Earlier this month security researchers accidentally released a zero-day exploit and proof-of-concept code demonstrating a vulnerability in the Windows 10 Print Spooler that could be used for remote code execution.
Microsoft moved relatively quickly to release an out-of-band fix, and now the Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to urgently apply this patch to federal computer systems.
“CISA has validated various proofs of concept and is concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated,” CISA stated.
“This determination is based on the current exploitation of this vulnerability by threat actors in the wild, the likelihood of further exploitation of the vulnerability, the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems.”
Emergency Directive 21-04 comes with the following deadlines:

1. By 11:59 pm EDT, Wednesday, July 14, 2021, stop and disable the Print Spooler service on all Microsoft Active Directory (AD) Domain Controllers (DC).
2. By 11:59 pm EDT, Tuesday, July 20, 2021, apply the July 2021 cumulative updates to all Windows Servers and Workstations.
3. By 11:59 pm EDT, Tuesday, July 20, 2021, for all hosts running Microsoft Windows operating systems (other than domain controllers under action #1), complete either Option 1, 2, or 3 as detailed in the directive.
4. Validate that Registry and/or Group Policy settings from options 1, 2, and 3 above are properly deployed.
5. By 11:59 pm EDT, Tuesday, July 20, 2021, ensure technical and/or management controls are in place so that newly provisioned or previously disconnected servers and workstations are updated and have the settings outlined above in place before connecting to agency networks.
6. By 12:00 pm EDT, Wednesday, July 21, 2021, submit a completion report using the provided template.
CISA is also recommending that companies disable the Windows Print Spooler on all systems not used for printing.
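A PowerShell check for the "stopped and disabled" spooler state that the first deadline and CISA's broader recommendation call for. It is an added example, not taken from the directive or from Microsoft; the function name `Get-SpoolerCompliance` is hypothetical, and remote hosts are assumed to be reachable over WinRM.

```powershell
# Added example: audit the Print Spooler service on one or more hosts.
# Get-SpoolerCompliance is a hypothetical name; remote hosts are assumed
# to be reachable over WinRM (CIM remoting).
function Get-SpoolerCompliance {
    [CmdletBinding()]
    param(
        # Hosts to check; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($name in $ComputerName) {
        $query = @{
            ClassName   = 'Win32_Service'
            Filter      = "Name='Spooler'"
            ErrorAction = 'Stop'
        }
        # Query the local host directly; use CIM remoting for the rest.
        if ($name -ne $env:COMPUTERNAME) { $query.ComputerName = $name }

        try {
            $svc = Get-CimInstance @query
        }
        catch {
            # Report unreachable hosts as failures instead of skipping them.
            [pscustomobject]@{ Computer = $name; State = 'Unknown'; StartMode = 'Unknown'; Compliant = $false }
            continue
        }
        if (-not $svc) {
            # No Spooler service registered on this host: nothing to disable.
            [pscustomobject]@{ Computer = $name; State = 'Absent'; StartMode = 'Absent'; Compliant = $true }
            continue
        }
        # Stopped alone is not enough: a service left at Auto or Manual
        # can be started again, so the start mode must be Disabled too.
        [pscustomobject]@{
            Computer  = $name
            State     = $svc.State
            StartMode = $svc.StartMode
            Compliant = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
        }
    }
}

# Remediation on a host that fails the check (run elevated on that host):
#   Stop-Service -Name Spooler -Force
#   Set-Service  -Name Spooler -StartupType Disabled

Get-SpoolerCompliance | Format-Table -AutoSize
```

To cover the domain controller deadline, pass the controller names to `-ComputerName`, for example the `HostName` values returned by `Get-ADDomainController -Filter *` from the ActiveDirectory module.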
Regular Windows 10 users can protect themselves by installing the just-released July 2021 cumulative update.