Hello, welcome to the Thursday, July 1st, 2021 edition of the Sandton and Storm Center's Stormcast.

My name is Johannes.

Ulrich, and then I'm recording from Jacksonville, Florida.

If there's one thing that you do want to take care of before you're heading in the hopefully extended weekend, at least here in the US, than it is CBE

2021-1675, a Windows print spooler vulnerability that also has been called print nightmare.

This vulnerability essentially affects all versions of Windows that are currently being supported,

and it was patched this June in the June-patched Tuesday update, but apparently it wasn't patched completely.

There was also a little bit of mislabeling going on here where initially Microsoft

labeled this as a privilege escalation vulnerability, but earlier this week, Microsoft updated

the advisory and did label it as a remote code execution vulnerability. And what really made this even worse is that it appears that

the patch was incomplete and the day before yesterday, a proof of concept exploit for this vulnerability

was published on GitHub. The initial GitHub repository was quickly taken down by the author, but there are multiple

forks of this GitHub repository, and the code is pretty easily available.

So well, what do you need to do?

There is no patch.

Well, definitely make sure that you did apply the June patches, but as mentioned,

the patch that was published by Microsoft does not protect you from this proof of concept

that was published. Your next best option is to disable the print spooler, of course,

with that you may break printing. There are,

of course, certain high-value systems like your domain controllers that usually don't really

have any business printing, so you probably definitely want to disable the print spooler

on these systems. Now, if there's anything good about this vulnerability, then it is that an attacker does

...