Mines Response to PrintNightmare Vulnerability

Update 08/12/2021

While the updates released in July addressed the most serious threat from the set of vulnerabilities collectively known as PrintNightmare, the threat of remote code execution, they do NOT address the ability for a malicious actor to gain control of your system through other means. At this time ITS continues to encourage anyone who manages their own Windows computer to shut down the print spooler and use the OrePrint web interface should you need a hard copy of one of your documents. See below for instructions on how to shut down the print spooler.

Update 07/06/2021

Microsoft has completed its investigation and has released security updates to address this vulnerability. The updates are available for all workstations running Windows 10 1809 or newer and Windows Server 2019 and up. All clients are encouraged to run Windows Update on their devices at their earliest convenience. We will be pushing the update to all Mines-owned devices; however, you should still run Windows Update to force your device to receive the update if it has not already received the patch.

If you are working from home and using a Mines managed device, you should connect to the VPN before running Windows Update.

At this time, the print spooler service will still be disabled on all Mines-managed devices.

 

Previous Information:

What happened and what did we do?

Security researchers have discovered a critical vulnerability in the Microsoft print spooler that has been nicknamed PrintNightmare. This vulnerability allows privileged execution of arbitrary code by both local and remote users. In response, print services are being shut down on all ITS-managed machines.


What if I must print something?

Windows users who must print something can still use the web interface for OrePrint.  Instructions for using that service can be found here: https://helpcenter.mines.edu/TDClient/1946/Portal/KB/ArticleDet?ID=70037. Note that for the duration of this event ITS is not charging for OrePrint services.


How to secure your own computer?

Everyone using a personally owned machine or managing their own server is encouraged to shut down print spool services immediately to avoid an account takeover.  We have included a YouTube video with instructions on how to shut this service down rapidly. 

Here is the direct link to the video: https://youtu.be/-uLZSxS1Dwc, or simply follow the step-by-step instructions below as you watch:

 

Step-by-step instructions (as shown in the YouTube video above):

  • Press the Windows Key
  • Type "Services"
  • Right click "Run as Administrator"
  • Enter Credentials
  • Scroll down to "Print Spooler"
  • Right Click and hit "Properties"
  • Hit "Stop" button to manually stop service if needed.
  • Change Startup type to "Disabled"
  • Hit "OK" to exit

SHORTCUT: If you have local administrative access, just type “net stop spooler” at the Windows command prompt. NOTE: This only works until the next reboot. You will need to re-run this command if you reboot; therefore, the preferred method is to follow the instructions above to disable the service.
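The steps above as an elevated PowerShell script that both stops the service and sets its startup type to Disabled, so the change survives a reboot, then verifies the result. This is an added example, not part of the ITS instructions; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): stop the Print Spooler,
# disable it at boot, and confirm both settings took effect.

$ServiceName = 'Spooler'   # same service that "net stop spooler" targets

function Get-PrintSpoolerState {   # hypothetical helper name
    # Win32_Service reports the current state and the configured start mode
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $cim.State       # expected: Stopped
        StartMode = $cim.StartMode   # expected: Disabled
        Secured   = ($cim.State -eq 'Stopped' -and $cim.StartMode -eq 'Disabled')
    }
}

function Disable-PrintSpooler {    # hypothetical helper name
    $svc = Get-Service -Name $ServiceName -ErrorAction Stop

    if ($svc.Status -ne 'Stopped') {
        # -Force lets the stop proceed even if dependent services are running
        Stop-Service -Name $ServiceName -Force -ErrorAction Stop
    }

    # Equivalent to choosing Startup type "Disabled" in the Services console;
    # without this step the spooler starts again at the next reboot.
    Set-Service -Name $ServiceName -StartupType Disabled -ErrorAction Stop

    Get-PrintSpoolerState
}

$result = Disable-PrintSpooler
$result | Format-List

if (-not $result.Secured) {
    Write-Warning 'Print Spooler is still running or can start at boot; re-check the service.'
}
```

Running `Get-PrintSpoolerState` on its own after a reboot or a Windows Update confirms the service is still stopped and disabled.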


If you need additional support, please contact the Mines Service Center using this Service or by phone at 303.384.2345


Update 07/01/2021

Dear Orediggers,

Thank you for your patience and cooperation as we work to protect Mines from this global computer vulnerability and threat.

Timeline

We do not know how long it will take Microsoft to get a patch for this particular vulnerability, dubbed PrintNightmare. We anticipate that Microsoft will release something in a few days. It may be after the July 4 holiday before we see something. Until then, ITS has a temporary printing option for you. Please do not re-enable the print spooler on your computer or connect a local printer to your Windows machine until we have an available patch.

Temporary Printing Options

  1. OrePrint is still working if you use the web interface. 

To connect to OrePrint, use your username and multipass password to log in to this site: https://oreprint.mines.edu/user, click web print, and submit a job.  The site will show a list of available printers.  ITS will be updating this list as we add printers.  The instructions for using OrePrint during the PrintNightmare incident can be found here: https://helpcenter.mines.edu/TDClient/1946/Portal/KB/ArticleDet?ID=134058

  2. ITS can temporarily connect most network printers in your areas to the OrePrint system.  If you would like to have the printer in your area connected, please use this ticket link: https://helpcenter.mines.edu/TDClient/1946/Portal/Requests/ServiceDet?ID=50058

How to Protect Your Machine

If you have not already disabled the print spooler on your Windows computer, you should do so immediately by typing “net stop spooler” at the Windows command line. You can find more detailed instructions here: https://www.youtube.com/watch?v=-uLZSxS1Dwc

Threat Severity

Researchers have shown that this vulnerability not only allows an attacker to take over the computer and user account of the person using the Windows print spooler, but also allows them to insert code that rapidly gives them administrator privileges to every computer and server on campus. At this time, disabling the print spool service (which disables printing) is the only known defense. This is a global problem impacting all Windows computers, including servers.

Please check the ITS Home Page as well as Mines Help Center for the latest updates on this vulnerability and printing outage.

Thank you for doing your part to protect the Mines Community from this cyber threat.

Details

Article ID: 134029
Created: Wed 6/30/21 4:07 PM
Modified: Thu 8/12/21 5:42 PM

Related Articles (2)

This article outlines the steps needed to restart the Windows Printer Spool service when it has been disabled previously, which was recommended due to the PrintNightmare vulnerability.
This KB article is to help users print during the PrintNightmare Situation