The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on July 13 ordering Federal agencies to disable the Microsoft Windows Print Spooler service, after discovering a vulnerability that allows attackers to remotely take over systems and enables adversaries to compromise the entire identity infrastructure of an agency.
In its emergency directive, CISA explained that exploitation of the vulnerability allows attackers “to remotely execute code with system level privileges.” If left unmitigated, CISA warned, the vulnerability could lead to “full system compromise of agency networks.”
CISA gave Federal agencies until midnight tonight to stop and disable the Print Spooler service. Additionally, it ordered agencies to implement Microsoft security updates and management controls by July 20.
Department-level CIOs or equivalents are required to submit a report to CISA by July 21, attesting that they have completed the necessary actions to mitigate the service vulnerability.
“Since this exploitation was identified, CISA has been engaged with Microsoft and Federal civilian agencies to assess potential risk to Federal agencies and critical infrastructure,” Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a statement. “CISA’s mission is to protect the nation against cybersecurity threats, and this directive reflects our determination to require emergency action for exploitations that pose an unacceptable risk to the Federal civilian enterprise. We will continue to actively monitor exploitation of this vulnerability and provide additional guidance, as appropriate.”
Although the emergency directive only orders Federal agencies to take action, CISA encouraged public and private sector organizations to “consider similar steps” to mitigate the vulnerability and protect against cyberattacks.
This is the second Microsoft-related emergency directive CISA has issued this year. The first urged Federal agencies in March to patch a critical vulnerability in Microsoft Exchange on-premises products.