Talk to an expert

Update on PrintNightmare & Kaseya Ransomware

By Lumifi Cyber | July 6, 2021

Over the 4th of July weekend, two breaches were brought to Lumifi's attention pertaining to PrintNightmare and Kaseya.

Details on PrintNightmare

While you likely do not have Print Servers exposed to the world (we hope not), we also wanted to note that we are aware of this and have diligently reviewed detection methodology. POC code has been found, so our recommendation is to disable all Microsoft Print Spooler Services and ensure you have this patch applied.

This is a remote code execution vulnerability that affects the Windows Print Spooler, which has CVE-2021-34527 assigned to the vulnerability. An attacker can use this vulnerability to run arbitrary code with SYSTEM privileges. This could give an attacker full access to the system, leading to administrative privilege and lateral movement in the environment.

While, in theory, the Print Spooler should only be run if needed, it is always enabled by default. Microsoft released security updates on June 8, 2021, that should be applied to mitigate this vulnerability.

If you cannot apply this patch immediately, we strongly advise that you turn off all print spoolers following the process documented here.

Other Resources for PrintNightmare:

Important Notice from Kaseya:

"We (Kaseya) are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT today.

We (Kaseya) are in the process of investigating the root cause of the incident with an abundance of caution, but we (Kaseya) recommend that you IMMEDIATELY shut down your VSA server until you receive further notice from us (Kaseya).

It is critical that you do this immediately because one of the first things the attacker does is shut off administrative access to the VSA."

If your organization has experienced any difficulties with either are these breaches, don't hesitate to get in touch with us. Lumifi is here to help.

By Lumifi Cyber
Threat Name
Referenced Articles
Share This

Subscribe for Exclusive Updates

Stay informed with the most recent updates, threat briefs, and useful tools & resources. You have the option to unsubscribe at any time.

🚨 New Webinar Alert! 🚨

Q2: SOC Quarterly Threat Briefing

🗓️ Date: July 24th, 2024
🕒 Time: 11 AM (PT)

Secure Your Spot!
Privacy PolicyTerms & ConditionsSitemapSafeHotline
magnifiercrossmenuchevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram