PrintNightmare
Just before the 4th of July long weekend, hackers were on the attack. On July 1, 2021, Microsoft released news of an active exploit impacting all Windows systems. This critical vulnerability, known as “PrintNightmare” (CVE-2021-1675), could have given an attacker full control of a Windows system (including the ability to deploy ransomware) if a user interacted with malicious code (via malicious attachment, web advertisement, webpage, etc.) that targeted the Printing Subsystem in Windows.
All Windows workstations and servers were impacted, whether they had a printer connected or not. The presence of an active Print Spooler service instance was enough to make a system vulnerable.
LMT immediately moved into action.
LMT in Action
We alerted clients of the vulnerability and disabled Windows Print Spooler services. While our LMT Account Teams and our Network Operations Center (the NOC) were assisting customers with these actions, our Business Solutions Team was working on a temporary solution to keep our clients' businesses up and running.
LMT created and deployed a script allowing our clients to continue utilizing printers while blocking the exploit from being executed. This Business Continuity Plan gave our customers the ability to continue delivering products and services until Microsoft released a patch to fix this vulnerability.
Kaseya Vulnerability
In the midst of the PrintNightmare issue, another vulnerability arose with Kaseya - a company known for its IT Management Software. LMT does not utilize Kaseya software or services, putting our customers' minds at ease.
Microsoft
Microsoft released two critical patches to fix the PrintNightmare exploit. The first, on July 7th, was for all in-support Windows desktop OS versions and for Windows Server 2012 R2 and 2019. A Server 2008 patch was released for Server 2008 systems running in Azure. On July 8, the security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 was released. As each patch was released, LMT pushed these updates outside of business hours and rolled back the script we had previously deployed. This ensured minimum disruption and optimal performance for business operations.
LMT keeps our clients up to date on the latest vulnerabilities, how they affect their business, and the solutions we deploy until companies like Microsoft, Kaseya, and others with vulnerabilities release permanent fixes.
Why LMT?
LMT takes security seriously. Our teams work seamlessly together to mitigate risks, prevent breaches, create solutions, and deploy fixes to vulnerabilities - all while making sure your company continues to operate to its fullest ability.