Windows Print Spooler Vulnerability: 6 Questions to Assess Third-Party Exposure

Mitratech Staff

Researchers at Sangfor recently accidentally published a proof-of-concept (PoC) exploit of an unpatched critical flaw in the Microsoft Windows Print Spooler service. The vulnerability, called PrintNightmare, allows attackers to remotely execute code with system-level privileges. Although the PoC was quickly deleted by Sangfor after its publication was discovered, the damage was done – it was already on GitHub.

While Windows Print Spooler is an old component, it is still ubiquitous. And since this exploit opens the door for bad actors to install programs, modify data, and create new admin accounts, you may want to assess the response of any third parties with access to your company’s systems and data.

Next Steps for Third-Party Incident Response and Breach Monitoring

Prevalent helps to rapidly identify and mitigate the impact of vulnerabilities like PrintNightmare by offering a platform to centrally manage vendors, conduct targeted event-specific assessments, score identified risks, and access remediation guidance. The Third-Party Incident Response Service is a managed service to enable your team to offload the collection of critical response data so they can focus on remediating risks instead.

Complementing the Incident Response Service is Prevalent’s continuous cyber and business breach monitoring solution, which provides regular updates on breach disclosures, adverse news events, and cyber incidents concerning your vendors, such as malicious dark web activity. Together, these solutions help to automate security incident discovery and accelerate response.

Contact us today to learn how Prevalent can help deliver visibility into third-party security controls and processes.


Editor’s Note: This post was originally published on Prevalent.net. In October 2024, Mitratech acquired the AI-enabled third-party risk management company Prevalent. The content has since been updated to include information aligned with our product offerings, regulatory changes, and compliance.