Ransomware Gangs Try to Exploit ‘PrintNightmare’ Flaws

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

Endpoint Security
Fraud Management & Cybercrime
Governance & Risk Management

Meanwhile, Microsoft Has Published an Advisory on Another Zero-Day Bug

Ransomware Gangs Try to Exploit 'PrintNightmare' Flaws

Security researchers at Cisco Talos and CrowdStrike are tracking several ransomware gangs that are attempting to exploit a bugs in Microsoft Windows dubbed “PrintNightmare,” which the company has been warning about since June.

See Also: 2021 Unit 42 Ransomware Threat Report

While Microsoft has issued emergency patches for some of the flaws, attackers are still targeting unpatched systems.

Meanwhile, Microsoft published an out-of-band security advisory Wednesday about another zero-day flaw that is part of the class of bugs that make up PrintNightmare, a series of remote code execution vulnerabilities affecting Windows Print Spooler – which enables devices to communicate with printers – as well as other printing features found in various versions of the Windows operating system.

Microsoft has issued an emergency workaround for this flaw but has not yet issued a patch.


Despite warnings from Microsoft and other security researchers over the last several months, the unpatched PrintNightmare vulnerabilities continue to cause issues for Windows users. In July, the U.S. Cybersecurity and Infrastructure Security Agency issued a directive for federal agencies to immediately patch the flaws (see: CISA Emergency Directive: Patch ‘PrintNightmare’ Flaw).

In previous alerts, Microsoft noted that these remote code execution vulnerabilities in the Windows Print Spooler and…