14 July 2021 - Cyber alert for Windows Print Spooler 

All Microsoft users must urgently apply updates to stay safe and prevent unauthorised remote access. 

A vulnerability with the Print Spooler service requires urgent action by users of all Windows operating systems.

What is the vulnerability?

The Print Spooler “PrintNightmare” vulnerability (CVE-2021-34527) is a remote code execution vulnerability which, if exploited, could enable an unwanted third party to remotely access your system and potentially view, change or delete data, or create new accounts with a high level of permissions.

It is also related to the other Print Spooler bugs CVE-2021-1675 and CVE-2021-36958.

What to do

Microsoft recommends that you check now for system updates for any device running any version of Microsoft Windows, at work and at home, and download and install them immediately.

You can refer to the guidance published by Microsoft about this issue for more information, including additional protective measures to ensure your system is secure. 

Applying these updates is a process called “patching” or vulnerability management - it is an important protective measure to keep yourself, your family, your business and your customers safe.

Why do I need to pay attention? 

Cybercriminals frequently use security weaknesses in computer software to get access to your computer and the information on it. They can exploit these weaknesses to deliver, install and run malicious code, and get access to your emails and other information to steal it or hold it to ransom.

Tips for keeping your internet-connected devices up to date

  1. Ensure that you’re running the latest version of your operating system (e.g. Windows, macOS, iOS or Android) on all your computers, laptops, tablets, phones and any other internet-connected devices; consider upgrading or replacing devices that can no longer be updated to newer models.
  2. Ensure that you’re running the latest version of any applications installed, and uninstall any applications that are no longer needed.
  3. Switch on automatic updates for your operating systems and applications if they’re available. You may wish to refer to the Australian Cyber Security Centre's guides on how to do this.
  4. Create an inventory of all of your internet-connected devices and the software (operating systems and applications) running on those devices, and periodically review this list and when each item was last updated.
  5. Monitor for potential threats and be ready to install updates as soon as they become available.

For more guidance on how to manage vulnerabilities, refer to further information published by the Australian Cyber Security Centre.

Microsoft Exchange Server vulnerability

UPDATE: On 13 April 2021 Microsoft released security updates to mitigate significant newly discovered vulnerabilities in Microsoft Exchange 2013, 2016 and 2019.

The new vulnerabilities are: 

The patches previously released by Microsoft in March 2021 do not remediate these new vulnerabilities and organisations must apply Microsoft’s 13 April 2021 updates to prevent potential compromise.

The vulnerabilities previously identified were: 

  • CVE-2021-26855 - server-side request forgery (SSRF) vulnerability in Exchange.
  • CVE-2021-26857 - insecure deserialization vulnerability in the Unified Messaging service.
  • CVE-2021-26858 - post-authentication arbitrary file write vulnerability in Exchange.
  • CVE-2021-27065 - post-authentication arbitrary file write vulnerability in Exchange.

 

What do I need to do?

Microsoft has released security updates for vulnerabilities found in:

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

Additional details relating to the April 2021 patches are available here, whilst information regarding the March 2021 patches is available here.

Organisations should apply new patches as soon as possible and also undertake detection steps outlined in Microsoft guidance.

These vulnerabilities affect Microsoft Exchange Server. Exchange Online customers are already protected and do not need to take any action.

For additional information, please see the Australian Cyber Security Centre guidance.

What could happen if my business doesn’t apply the patches?

If the patches aren’t applied, these vulnerabilities could be used by cyber attackers to compromise your business’ information and operations.

A range of cyber attackers – including some in the business of ransomware – were quick to take advantage of businesses that had failed to apply the March updates, which is why it’s critical to apply patches as soon as possible.

To find out more, visit cyber.gov.au.
