PrintNightmare Vulnerability

Author: John Farley

null

On July 1st, 2021, a newly discovered security flaw was revealed by Microsoft that could impact victim organizations worldwide. This vulnerability is known as PrintNightmare, and tracked as CVE-2021-34527. It can allow threat actors to take over targeted servers via remote code execution that can install programs, view, change, and delete data while creating new accounts with full user rights. It is unknown who is behind the attack, but it is believed to being actively exploited by malicious actors.

How to Protect Your Organization

As of this writing Microsoft is still investigating if the vulnerability is exploitable on all versions of Windows. While they have not issued a patch to remediate it, on July 1st Microsoft issued a security vulnerability advisory 1 to provide mitigation guidance. They provided two options;

  • Option 1 - Disable the Print Spooler service
  • Option 2 - Disable inbound remote printing through Group Policy

In addition, the U.S. Cybersecurity & Infrastructure Security Agency;("CISA") provided their own guidance for organizations that may be impacted. On June 30, 2021, CISA issued an advisory 2 to disable the Windows Print Spooler service on servers not used for printing.

Insurance Implications

In the event your organization becomes a victim of this campaign it is important that you leverage the resources that come with any applicable insurance policies.

Many cyber insurance policies provide 24/7 access to outside experts, including breach coaches, IT forensics investigators, extortion negotiators, credit monitoring firms, public relations experts, data asset restoration experts and others. Be mindful of insurance policy claim reporting requirements that mandate formal notice of incidents and/or claims. In addition, policy wording that may require insureds to utilize only pre-approved insurance panel experts.

For additional information regarding cyber insurance coverage, please contact your Gallagher team member.

Author Information:

Sources

1. CVE-2021-34527 - Security Update Guide - Microsoft - Windows Print Spooler Remote Code Execution Vulnerability

2. PrintNightmare, Critical Windows Print Spooler Vulnerability | CISA

 
Disclaimer

The information contained herein is offered as insurance Industry guidance and provided as an overview of current market risks and available coverages and is intended for discussion purposes only. This publication is not intended to offer legal advice or client-specific risk management advice. Any description of insurance coverages is not meant to interpret specific coverages that your company may already have in place or that may be generally available. General insurance descriptions contained herein do not include complete Insurance policy definitions, terms, and/or conditions, and should not be relied on for coverage interpretation. Actual insurance policies must always be consulted for full coverage details and analysis.

Insurance brokerage and related services to be provided by Arthur J. Gallagher Risk Management Services, Inc. (License No. 0D69293) and/or its affiliate Arthur J. Gallagher & Co. Insurance Brokers of California, Inc. (License No. 0726293).

© 2020 Arthur J. Gallagher & Co. GGB39375