#Printernightmare turning into an application nightmare?
Recently we’ve seen an increase in chatter around security leaks and their mitigations.
For us, this ball started rolling with Meltdown, Spectre, and Foreshadow, the reason being that the mitigation advice could lead to severely degraded performance.
Since our product suite has evolved, we’ve added functionality that allows you to do application compatibility testing from the users’ perspective. It turns out that being able to check if all of your applications still work after quickly plugging a security hole in your environment is pretty useful.
Here’s what unfolded over the last couple of weeks. CVE-2021-34527, better known as “PrinterNightmare”, was publicly announced, scoring an 8.8 out of 10 for severity. This means IT admins have to put mitigations in place to plug this hole as fast as they can, often without sufficient time to check if any systems are negatively affected or if all applications still work.
As if an actively exploited critical flaw in the Windows Print Spooler that can allow someone to take over your computer remotely isn’t bad enough, some people who installed Microsoft’s security patch found out that the connection to their printer stopped working. In a near-repeat of a problem that occurred this spring with a different Windows 10 security update, system admins discovered that many PCs suddenly couldn’t connect to printers — most notably several models of Zebra label printers — after installing the KB5004945 patch. Source
Mind you, Zebra printers are some of the most common in the world of handling and shipping, but I’ve also managed loads of them in the pharmacy industry. Not an ideal place to lose the capability to print labels for prescriptions. What is also problematic is that not all of your applications handle a disabled print spooler service very well. For example, I’ve seen cases where a business-critical app refused to start until somebody enabled the print spooler again.
Making matters worse, another issue came up this week that, based on the description, looks very similar: CVE-2021-34481, continuing Microsoft’s printer nightmare. To top it all off, SeriousSAM has just hit the streets.
Security researchers are referring to CVE-2021-36934 as “HiveNightmare” or “SeriousSAM.” It’s a “zero-day” vulnerability (not previously known by Microsoft), according to Satnam Narang, a staff research engineer with security solutions firm Tenable. “These mitigations could impact certain functionality of the system.” Source: Microsoft Issues Security Advisory on ‘SeriousSAM’ Elevation of Privilege Flaw in Windows Client Systems – Redmondmag.com
Now, most IT admins can live with certain (temporary) functionality breaks when mitigating a potential security leak. However, not knowing what will fail or has broken until a business user phones the support desk to say their business is at a standstill because application XYZ doesn’t work anymore is far from ideal. It prevents organizations from implementing these workarounds and patches quickly while feeling comfortable about it.
What if you could test whether all of your applications still work, including your business-critical apps, in detail and from remote sites? Additionally, what if this were fast and cheap? Why wouldn’t you do it?
In my opinion, there are two ways to go about this:
- Implement the mitigation and test all of your applications by hand (every time or every change) or
- Implement a system that can do this for you in an automated fashion, not just for security updates but for every change.
Are you interested in giving this a try? Grab your trial today and boost your confidence in change!
Original source: Mackaycartoons.net, changed by “someone on twitter”