Tag Archive for: print

Explore print server alternatives to avoid IT headaches

/in


While matters related to printing have always been a challenge for IT, the fallout from the 2021 PrintNightmare vulnerability has spurred more enterprises to find other ways to handle their print server infrastructure.

Window Server print servers are easy enough to spin up but difficult to maintain. Users can also find it mystifying to parse why a print job didn’t execute as expected, which leads to more help desk tickets and ties up valuable IT resources in a troubleshooting exercise. There are many print server alternatives on the market designed to give IT more insight into printing problems, hand users more control over their print jobs and offer enterprises the visibility into how much is spent on printing and where.

Why PrintNightmare made printing even more complicated

The PrintNightmare vulnerability (CVE-2021-34527) surfaced in July 2021 and gave attackers a way to remotely execute code on Windows desktop and server systems through a Windows print spooler bug. A threat actor who manages to exploit this vulnerability could perform privileged operations such as installing software, accessing data or creating user accounts.

Microsoft released patches to correct the vulnerability, but one major consequence is that print driver installation now requires administrator privileges. With users no longer able to install or update existing print drivers due to PrintNightmare mitigations, administrators have had to investigate different configuration options or attempt to circumvent the security measures through registry changes that are not sanctioned by Microsoft.

Where a third-party print server alternative can help

For enterprises with a mix of printers across multiple sites, the changes ushered in by the PrintNightmare patch made an already difficult management job even more troublesome. Administrators lost the flexibility to let users install print drivers unless they skirted security protocols and gave escalated privileges.

Many products offer more security options to give users more control over print jobs that are not available in Windows Server print server. For example, pull printing is a feature some vendors offer that only gives the authenticated user the ability…

Source…

Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild

/in


Windows Print Spooler Vulnerability

A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned.

To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to address the issues by May 10, 2022.

CyberSecurity

Tracked as CVE-2022-22718 (CVSS score: 7.8), the security vulnerability is one among the four privilege escalation flaws in the Print Spooler that Microsoft resolved as part of its Patch Tuesday updates on February 8, 2022.

It’s worth noting that the Redmond-based tech giant has remediated a number of Print Spooler flaws since the critical PrintNightmare remote code execution vulnerability came to light last year, including 15 elevation of privilege vulnerabilities in April 2022.

Also added to the catalog are two other security flaws based on “evidence of active exploitation” –

  • CVE-2018-6882 (CVSS score: 6.1) – Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS)
  • CVE-2019-3568 (CVSS score: 9.8) – WhatsApp VOIP Stack Buffer Overflow Vulnerability

The addition of CVE-2018-6882 comes close on the heels of an advisory released by the Computer Emergency Response Team of Ukraine (CERT-UA) last week, cautioning of phishing attacks targeting government entities with the goal of forwarding victims’ emails to a third-party email address by leveraging the Zimbra vulnerability.

CyberSecurity

CERT-UA attributed the targeted intrusions to a threat cluster tracked as UAC-0097.

In light of real world attacks weaponizing the vulnerabilities, organizations are recommended to reduce their exposure by “prioritizing timely remediation of […] as part of their vulnerability management practice.”

Source…


[the_ad_group id="27628"]