A weekly recap of pertinent security events you need to be aware of and can read in 7 seconds (or so...)

More Vulnerabilities Impacting the Windows Print Spooler

Do this: Apply the latest Microsoft security updates and, if possible, stop—then disable—the Print Spooler service.
Why: Microsoft has warned of another vulnerability that’s been discovered in its Windows Print Spooler. The vulnerability–separate from PrintNightmare–can allow attackers to escalate privileges and gain full user rights to a system; however, it can only be exploited locally.
Additional Info: Write-up: https://threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/ MSRC: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481
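
One way to carry out the stop-then-disable step above is sketched here as an added example; it is not taken from the write-up or from Microsoft's advisory. It assumes an elevated PowerShell session on the affected host, and the function name Disable-PrintSpooler is hypothetical. With the spooler disabled, the machine can no longer print locally or act as a print server.

```powershell
# Added example: stop, then disable, the Print Spooler service on the local host.
# 'Spooler' is the built-in service name; Disable-PrintSpooler is a hypothetical helper.
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Fail early if the service cannot be queried (for example, on a non-Windows host).
    $svc = Get-Service -Name Spooler -ErrorAction Stop

    # Stop first so the running spooler process is gone before the start type changes.
    if ($svc.Status -ne 'Stopped') {
        if ($PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
            Stop-Service -Name Spooler -Force -ErrorAction Stop
        }
    }

    # Disable so the service does not return at reboot or on demand.
    if ($PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }

    # Read the result back from CIM so the report reflects the actual state,
    # not just the commands that were issued.
    $state = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        State        = $state.State
        StartMode    = $state.StartMode
        Compliant    = ($state.State -eq 'Stopped' -and $state.StartMode -eq 'Disabled')
    }
}

Disable-PrintSpooler
```

Running `Disable-PrintSpooler -WhatIf` previews the changes and reports the current state without modifying the service.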

Using a SonicWall VPN?

Do this: Upgrade the firmware on any appliances that are still supported and immediately disconnect any legacy products including:

  • SRA 4600/1600 (EoL 2019)
  • SRA 4200/1200 (EoL 2016)
  • SSL-VPN 200/2000/400 (EoL 2013/2014)

Why: “If your organization is using a legacy SRA appliance that is past end-of-life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation,” SonicWall said.
Additional Info: Write-up: https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/

Using Adobe Acrobat?

Do this: Update your Adobe Acrobat to fix 11 vulnerabilities for both the Windows and macOS platforms.
Why: Adobe posted on their security bulletin, “Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.”
Additional Info: From Adobe: https://helpx.adobe.com/security/products/acrobat/apsb21-51.html


About the Author

Matt Barnett, CISSP, GFCA
Chief Strategist & Cofounder

After years in IT performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts on cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.