https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Security


Partner content

Security 101: The ‘PrintNightmare’ flaw

Security 101: The ‘PrintNightmare’ flaw

  • Written by Jai Vijayan / Dark Reading
  • 7th July 2021

When a remotely exploitable vulnerability affecting all versions of Microsoft Windows is being actively exploited — and no patch is yet available — the security industry kicks into high alert.

Such was the case with “PrintNightmare,” a vulnerability in the infamously buggy Windows Print Spooler service that burst into the limelight last week with the US Cybersecurity & Infrastructure Security Agency (CISA), CERT Coordination Center (Cert CC), and others advising urgent action around it.

In separate alerts last week, CISA, and CERT CC urged organizations to disable Print Spooler services on all critical systems, including domain controllers and Active Directory admin systems, citing concerns over the flaw. Those concerns were exacerbated, too, by some confusion over whether PrintNightmare was the same flaw as one some thought Microsoft had already patched in a previous security update.

After some initial silence, Microsoft clarified that PrintNightmare was a separate flaw from the one it patched on June 8 and issued a new vulnerability identifier (CVE) for it. Then on July 6, the company released an emergency security update for the flaw and urged organizations to apply it immediately.

Here’s a closer look at PrintNightmare and why it has evoked so much concern.

What Is PrintNightmare?
PrintNightmare is a critical remote code execution (RCE) vulnerability in the Microsoft Windows Print Spooler service (CVE-2021-34527). The vulnerability stems from the service’s failure to properly restrict access to “RpcAddPrinterDriverEx(),” a function for installing a printer driver on a Windows system. The vulnerable code exists in all Windows versions.

Windows Print Spooler is software that serves as an interface between the Windows operating system and a printer. It handles a variety of tasks, including loading printer drivers and buffering queuing and ordering print jobs. Microsoft describes it as software that enables systems to act as a print client, administrative client, or print server.

PrintNightmare is just one of numerous vulnerabilities that have been uncovered in the Windows Print Spooler service over the past decade or so.

To read the complete article, visit Dark Reading.

 

Tags: Applications Companies Critical Infrastructure Cybersecurity DHS Enterprise Federal Government/Military Incident Command/Situational Awareness News Policy Public Safety Security Software State & Local Government System Design System Installation System Operation Tracking, Monitoring & Control Training Partner content

Most Recent


  • Automakers against stampede to BEV dominance
    When the president of the world’s biggest carmaker talks, people listen. So, when Toyota President Akio Toyoda said, in September of last year, that bans on ICE cars within 10 to 15 years  will be “rather difficult to achieve” because EVs “are just going to take longer than the media would like us to believe,” […]
  • FCC nominee Gigi Sohn headed for third Senate hearing
    President Biden’s nominee for FCC Commissioner Gigi Sohn will is expected to sit through a third hearing in the US Senate sometime in the coming weeks. That means that, in addition to being on track to become the first openly LGBTQ+ Commissioner for the FCC, Sohn will also make history as the first person to endure three […]
  • Hytera parent cites financial health, but unable to make royalty payment to Motorola Solutions
    Hytera Communications claims it has not made a court-ordered royalty payment of $49 million to Motorola Solutions because the China-based LMR manufacturer’s parent company does not have access to the assets of its subsidiaries around the world, according to a recent filing in a federal district court. Hytera Communications Corp. (HCC) made the filing earlier […]
  • NATE: Todd Schlekeway highlights organization's safety, legislative initiatives
    Todd Schlekeway, executive director of NATE: The Communications Infrastructure Contractors Association, discusses many of NATE’s planned activities for 2023, including a legislative visit to Capitol Hill in May, safety/training initiatives, and a broader release of the Vertical Freedom documentary that focuses on the lives of tower climbers in the communication arena.  

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • What Colonial Pipeline means for commercial-building cybersecurity
  • IWCE: Nicole Perlroth discusses cyberthreat landscape, impact on critical infrastructure
  • Attacks on Kaseya servers led to ransomware in less than 2 hours
  • Security 101: The ‘PrintNightmare’ flaw
    Newscan: Ransomware group REvil demands $70 million in Kaseya supply-chain attack

Commentary


How 5G is making cities safer, smarter, and more efficient

26th January 2023

3GPP moves Release 18 freeze date to March 2024

18th January 2023

Do smart cities make safer cities?

  • 1
6th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Automakers against stampede to BEV dominance dlvr.it/ShpX08

2nd February 2023
UrgentComm

FCC nominee Gigi Sohn headed for third Senate hearing dlvr.it/ShpDcZ

1st February 2023
UrgentComm

Sign up to learn how to successfully manage your Motorola ASTRO® 25 System: spr.ly/60143j8fp https://t.co/XcxiUwzN27

1st February 2023
UrgentComm

Hytera parent cites financial health, but unable to make royalty payment to Motorola Solutions dlvr.it/ShlrlM

1st February 2023
UrgentComm

NATE: Todd Schlekeway highlights organization’s safety, legislative initiatives dlvr.it/ShljHj

1st February 2023
UrgentComm

Cybercrime ecosystem spawns lucrative underground Gig Economy dlvr.it/ShkKbf

31st January 2023
UrgentComm

FAA approves beyond-visual-line-of-sight (BVLOS) flights in North Dakota dlvr.it/ShgxHW

30th January 2023
UrgentComm

AT&T boasts of core ‘white box’ success in 5G, fiber push dlvr.it/Shgb4w

30th January 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.