If you work at a company that still uses print servers then the phrase “PrintNightmare” may fill you with a sense of dread.
Earlier this year Microsoft discovered a “security bypass vulnerability" with its print spoolers. What followed was a race to fix a bug that threatened millions of organizations around the world.
This particular bug was dangerous because of how easily it allowed hackers to gain remote access to a system and take control of it.
To make matters worse, there have been new reports of print server vulnerabilities exploited by ransomware attackers, separate from the original threat.
As a business, there’s nothing scarier than knowing your sensitive data could be stolen. In this blog, we’ll uncover what PrintNightmare is, why it continues to plague companies all over the world, and what you can do to protect your organization.
What is PrintNightmare?
PrintNightmare (CVE-2021-34527) is a remote code execution vulnerability that exploits the Windows Print Spooler (The server-side service that often handles printing throughout an organization, enables an easy way for employees to add organizational printers quickly and easily, and temporarily stores print jobs in queue and delivers them to the end printers), taking advantage of specific inbound Remote Procedure Calls (RPCs) that are responsible for the deployment of printers and drivers.
When exploited, the vulnerability provides hackers with administration-level access, allowing them to execute malicious programs through the local print server. These programs help them steal, edit or delete any sensitive information they find. Often this breach can lead to exploitation via some form of ransom.
Despite many efforts to fix this issue, businesses all over the world remain vulnerable.
Why Print Servers are the Real Enemy
Printer issues are not new. Things like paper jams, queue issues, and constant troubleshooting have plagued organizations for decades. While print servers have historically helped to simplify managing printers in an organization, this most recent vulnerability has exposed print servers and turned them from a helpful service into a trojan horse of sorts.
Print servers require every user to use a print spooler. They also need a certain level of permission before performing print jobs, organizing the queue, and installing drivers. And now, print server management and security has just gotten more complicated.
Your print servers transact and store tons of sensitive data. Think about that employee form you printed last week, or the financial report you printed to review for month-end...
With the advent of the PrintNightmare vulnerability, your print servers, if not managed properly, are now bombs waiting to go off. Print servers around the world are being used against you. Even worse, the print spooler service is not limited only to servers being managed by IT, the service runs by default on every computer in your organization, if not shut down intentionally. That gets even more worrisome when you consider each print server in your network makes you more vulnerable.
But there is an easy way to protect your company from PrintNightmare. The good news is, you can get rid of your print servers entirely.
How InsITe is responding to PrintNightmare
At InsITe Business Solutions, we have partnered with PrinterLogic , both to address the PrintNightmare vulnerability within our client base, but also to help organizations better streamline their printer management, simplify administration and control, and protect their data.
PrinterLogic is a centrally managed Direct IP printing platform that completely eliminates print servers by enabling distributed print spooling across devices, yet still providing complete visibility and control across the printing services.
PrinterLogic restricts permissions, so if a print spooler is compromised on any device it won’t affect any other device or have the ability to leak sensitive information. Based on data collected from organizations that have moved to PrinterLogic:
- 79% managed to reduce remote server infrastructure by 30% or more
- 71% reduced time spent on print management by more than 50%
- 65% reduced printer downtime by at least 30%
The bottom line is that even though Microsoft and other companies rally to address this (and future) vulnerabilities, now that attackers know the exploit exists, your print servers will continue to leave you at risk. Switching from Microsoft print servers to PrinterLogic will be a critical step to securing your data and limiting your exposure to PrintNightmare - And future threats.
If you’re ready to streamline and secure your printer management (and protect your business), contact InsITe today. We can schedule a demo as soon as you are ready!