Earlier this month, security researchers accidentally released a zero-day exploit and proof-of-concept code demonstrating a vulnerability in the Windows 10 Print Spooler that could be used for remote code execution.
Microsoft moved relatively rapidly to release an out-of-band fix, and now the Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to urgently apply this patch to federal computers.
“CISA has validated various proofs of concept and is concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated,” CISA said.
“This determination is based on the current exploitation of this vulnerability by threat actors in the wild, the likelihood of further exploitation of the vulnerability, the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems.”
Emergency Directive 21-04 comes with the following deadlines:
- By 11:59 pm EDT, Wednesday, July 14, 2021, stop and disable the Print Spooler service on all Microsoft Active Directory (AD) Domain Controllers (DC).
- By 11:59 pm EDT, Tuesday, July 20, 2021, apply the July 2021 cumulative updates to all Windows Servers and Workstations.
- By 11:59 pm EDT, Tuesday, July 20, 2021, for all hosts running Microsoft Windows operating systems (other than domain controllers under action #1) complete either Option 1, 2, or 3 as detailed in the directive.
- Validate Registry and/or Group Policy settings from options 1, 2, and 3 above are properly deployed.
- By 11:59 pm EDT, Tuesday, July 20, 2021, ensure technical and/or management controls are in place to ensure newly provisioned or previously disconnected servers and workstations are updated and have the settings defined above in place before connecting to agency networks.
- By 12:00 pm EDT, Wednesday, July 21, 2021, submit a completion report using the provided template.
CISA is also recommending that companies disable the Windows Print Spooler on all systems not used for printing.
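As an added illustration (not part of the directive or of Microsoft's guidance), the PowerShell function below audits whether the Print Spooler is stopped and disabled, and can optionally remediate it. It covers the first directive action and the recommendation for non-printing systems. The function name `Test-SpoolerDisabled` is hypothetical, and the script assumes the RSAT ActiveDirectory module and CIM/WinRM access to each host.

```powershell
# Added example: audit (and optionally fix) Print Spooler state on a set of hosts.
# Assumptions: ActiveDirectory module installed, CIM/WinRM reachable, admin rights.
function Test-SpoolerDisabled {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Defaults to every domain controller; pass other non-printing hosts explicitly.
        [string[]]$ComputerName = (Get-ADDomainController -Filter *).HostName,
        [switch]$Remediate
    )
    $query = @{ ClassName = 'Win32_Service'; Filter = "Name='Spooler'" }
    foreach ($computer in $ComputerName) {
        try {
            $svc = Get-CimInstance @query -ComputerName $computer -ErrorAction Stop
        } catch {
            # An unreachable host is reported as non-compliant so it is not silently skipped.
            [pscustomobject]@{ Computer = $computer; State = 'Unreachable'
                               StartMode = $null; Compliant = $false }
            continue
        }
        if (-not $svc) {
            # Spooler service is not installed on this host: nothing to disable.
            [pscustomobject]@{ Computer = $computer; State = 'NotInstalled'
                               StartMode = $null; Compliant = $true }
            continue
        }
        $ok = ($svc.State -eq 'Stopped') -and ($svc.StartMode -eq 'Disabled')
        if (-not $ok -and $Remediate -and
            $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
            Invoke-CimMethod -InputObject $svc -ComputerName $computer `
                -MethodName StopService | Out-Null
            Invoke-CimMethod -InputObject $svc -ComputerName $computer `
                -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' } | Out-Null
            # Re-read the service so the report reflects the state after the change.
            $svc = Get-CimInstance @query -ComputerName $computer
            $ok  = ($svc.State -eq 'Stopped') -and ($svc.StartMode -eq 'Disabled')
        }
        [pscustomobject]@{ Computer = $computer; State = $svc.State
                           StartMode = $svc.StartMode; Compliant = $ok }
    }
}

# Report only: list hosts that still have a running or enabled spooler.
Test-SpoolerDisabled | Where-Object { -not $_.Compliant }
```

Run it with `-Remediate -WhatIf` first to see which hosts would be changed before applying the change for real.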
Regular Windows 10 users can protect themselves by installing the just-released July 2021 cumulative update.