PrintNightmare Critical Vulnerability Update

ITS sent the following email on regarding a security issue on 1 Jul 2021.

 

Subject: PrintNightmare Critical Vulnerability Update​
Sender: Susan McMillin <smcmillin@mines.edu>
To: faculty; ugrad; grad; classified
Date: 1 July 2021

Dear Orediggers,

Thank you for your patience and cooperation as we work to protect Mines from this global computer vulnerability and threat.

Timeline
We do not know how long it will take Microsoft to get a patch for this particular vulnerability dubbed the PrintNightmare. We anticipate that Microsoft will release something in a few days. It may be after the July 4 holiday before we see something. Until then, ITS has a temporary printing option for you. Please do not re-enable the print spooler on your computer or connect a local printer to your windows machine until we have an available patch.

Temporary Printing Options

  1. OrePrint is still working if you use the web interface. ITS is not charging for OrePrint printing during this security incident.
    To connect to OrePrint, use your username and multipass password to log into this site: https://oreprint.mines.edu/user , click web print and submit a job. The site will show a list of available printers. ITS will be updating this list as we add printers. The instructions for using OrePrint during the PrintNightmare incident can be found here: https://helpcenter.mines.edu/TDClient/1946/Portal/KB/ArticleDet?ID=134058

  2. ITS can temporarily connect most network printers in your areas to the OrePrint system. If you would like to have the printer in your area connected, please use this ticket link: https://helpcenter.mines.edu/TDClient/1946/Portal/Requests/ServiceDet?ID=50058 .

How to Protect Your Machine
If you have not already disabled the print spooler on your Windows computer you should do so immediately by typing “net stop spooler“ at the windows command line. You can find more detailed instructions here: https://www.youtube.com/watch?v=-uLZSxS1Dwc

Threat Severity
Researchers have shown that this vulnerability allows an attacker to not only take over the computer and user account for the person using the windows print spooler, but allows them to insert code that rapidly gives them administrator privileges to every computer and server on campus. At this time disabling the print spool service (which disables printing) is the only known defense. This is a global problem impacting all Windows computers including servers.

Please check the ITS Home Page at https://it.mines.edu for the latest updates on this vulnerability and print outage.

Thank you for doing your part to protect the Mines Community from this cyberthreat.

Susan McMillin
Chief Information Security Officer
Information and Technology Solutions (ITS)
303-384-2699 office | 303-669-2635 cell
smcmillin@mines.edu

Our values: Trust | Integrity | Respect | Responsibility