Windows Print Spooler Flaw Detected: How to Prevent 'PrintNightmare' Ransomware Attacks
Research has revealed a potential cyberattack on Windows users after finding a flaw in one of the operating system's tools that can be exploited by hackers and other online attackers.
This came after Microsoft released a notice to its users about a patch containing fixes for the tool, which flagged several of its vulnerabilities. According to Redmond, security researchers have found that attackers are using the flaw in their attacks.
A Potential "Nightmare"
According to a blog post by CrowdStrike, attackers incorporated the so-called "PrintNightmare" flaw into their cyberattacks using ransomware known as Magniber, which targets Windows users in South Korea.
NEW: PrintNightmare vulnerability weaponized by Magniber ransomware gang in attacks against South Korea
-Which PrintNightmare is this?
-CVE-2021-34527, the original one, the RCE split off from CVE-2021-1675 and for which a PoC was released in June https://t.co/srPh8DnVJT pic.twitter.com/f9WKn0cJHQ
— Catalin Cimpanu (@campuscodi) August 12, 2021
According to KimKomando, the malware first surfaced in 2017, and attackers used the flaw as a medium to spread it to victims.
PrintNightmare is the name given to a print spooler flaw found in Microsoft's operating system. It was first revealed in a patch notice by the company last August 13.
The flaw, originally named CVE-2021-36958, is a remote code execution vulnerability that, if exploited by attackers with user interaction, can give them access to any system privileges.
According to the company's summary of the vulnerability, an attacker can run arbitrary code with those privileges and install programs, including malware and spyware, in order to view, change, or delete data, or create new accounts with the user's full rights.
The PrintNightmare print spooler flaw is not new as a method used by cyberattackers. In the same blog post, CrowdStrike revealed that on July 13 it successfully detected and prevented attempts at another cyberattack that exploited the flaw.
Microsoft also addressed the flaw in its previous patches, most specifically the June patch bundle.
In July, the company issued several patches for PrintNightmare while providing several ways to prevent it, including disabling the print spooler tool. However, doing so may leave a system unable to print.
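Disabling the Print Spooler, the workaround mentioned above, can be checked and applied from an elevated PowerShell prompt. The script below is an added example, not Microsoft's or this article's own code; the function names Get-SpoolerState and Disable-Spooler and the Exposed field are hypothetical, while Spooler is the service name of the Windows Print Spooler.

```powershell
# Added example: report whether the Print Spooler is running or able to start,
# and optionally stop and disable it. Run from an elevated session.

function Get-SpoolerState {
    # Current status comes from Get-Service, start mode from Win32_Service.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Status    = [string]$svc.Status   # Running / Stopped
        StartMode = $cim.StartMode        # Auto / Manual / Disabled
        # Hypothetical field: true if the service runs now or can be started later.
        Exposed   = ($svc.Status -eq 'Running') -or ($cim.StartMode -ne 'Disabled')
    }
}

function Disable-Spooler {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $state = Get-SpoolerState
    if (-not $state.Exposed) { return $state }   # already stopped and disabled

    # -WhatIf previews the change; without it PowerShell asks for confirmation.
    $action = 'Stop and disable Print Spooler (this machine will no longer print)'
    if ($PSCmdlet.ShouldProcess($state.Computer, $action)) {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }
    Get-SpoolerState   # return the state after the change
}

# Audit only:
#   Get-SpoolerState
# Preview, then apply:
#   Disable-Spooler -WhatIf
#   Disable-Spooler
# Undo once patched, if printing is needed again:
#   Set-Service -Name Spooler -StartupType Automatic; Start-Service -Name Spooler
```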
Several IT experts believe that the patches did not work in preventing the flaw; however, the company said that they were "effective" in doing so.
How to Prevent Ransomware Attacks
Ransomware attacks, including the aforementioned Magniber one that uses the PrintNightmare flaw, can compromise the data on a user's computer, including data that contains private information.
Along with encrypting data, ransomware can also lock the operating system, making it inaccessible unless the user pays the "ransom" demanded by the attackers.
In order to prevent such attacks, users must be prepared. To do so, according to Kaspersky, they must first know their security vulnerabilities by checking whether the device they are using has outdated software and whether their browsers (or operating systems) have been patched to their latest versions.
They can also run a vulnerability scan on their systems to check whether they are vulnerable to cyberattacks, and install anti-ransomware software.
But the best way to prevent such attacks is to do the following: avoid clicking on unsafe links, avoid disclosing personal or private information, avoid opening suspicious email attachments, never use unknown flash drives, and use VPN services while on public Wi-Fi.