Update: Microsoft released an update that addresses the PrintNightmare attack. This is one of those updates that requires your IT Team to go beyond installing the patch. Microsoft provides them instructions: https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7 They will continue to get updates and find details of combatting PrintNightmare here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
(Originally posted on July 2, 2021)
Microsoft confirmed that attackers are exploiting systems now using a PrintNightmare Attack. As of this moment, there is no security patch.
IT Pros are so busy managing other projects and initiatives that they could be unaware of this new exploit.
Forward this message to your IT team so they can, if they haven’t already, review Microsoft’s recommendations to mitigate the problem: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
After they’ve had time to review this, preferably today, you can discuss the pros and cons with them. Fortunately, the mitigation is reasonably straightforward, and Microsoft provides two options. Your IT team might want to address Domain Controller servers first.
Remember that allowing remote workers to use a family computer instead of company-issued equipment to access your office is dangerous.
Please forward this to executives you know to confirm their IT teams know about this new exploit and take steps accordingly.