https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

Microsoft have released information regarding a critical server vulnerability that is caused by the Print Spooler service. As of yet, there is no patch available and there is known working code in the wild that can exploit it.

If exploited, a remote user could gain full control of a domain controller and customer network causing untold havoc and financial damage.

There are a few ways to mitigate this vulnerability which we have already put in place for our clients.

First, if your server does not need to be running the print spooler service, then disable it immediately! This can be done via services.msc

Second, lock down the c:\windows\system32\spool\drivers folder and subfolders. This will prevent a remote user from exploiting this vulnerability. Here is the powershell code to do this:

$Path = “C:\Windows\System32\spool\drivers”

$Acl = (Get-Item $Path).GetAccessControl(‘Access’)

$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule(“System”, “Modify”, “ContainerInherit, ObjectInherit”, “None”, “Deny”)

$Acl.AddAccessRule($Ar)

Set-Acl $Path $Acl

This code will add SYSTEM as a DENY permission to the c:\windows\system32\spool\drivers folder and subfolders.

Stay safe!

Identify theft is on the rise, and the most modern way of doing this is via your e-mail account. What used to be a simple but efficient tool for you to send messages is now the hub of your life especially when it comes to your personal information. What happens if you forget your bank account password? A reset e-mail gets sent to your inbox for verification. What happes when you forget your Amazon password? A reset e-mail gets sent to your inbox for verification. So what if someone had access to your inbox and could also request these password resets on your behalf? And then delete any trace of them doing so? The results are scary to think about.

In the business world, many companies have been a target of e-mail phishing scams which entice a user to a fake website where they enter their Office 365 username and password. At this point, the hackers have full access to your e-mail account, your life and potentially your whole business. More recently sophisticated scammers have been taking this a step further. They have waited and analysed your e-mail traffic to find out all the details of how your business runs, in particular, who is the Managing Director and who is the Finance Director. They then carefully wait until the Managing Director is away on holiday and send an e-mail pretending to be him directly to the Fianance Director asking for an immediate transfer of money to a particular bank account. Unfortunately, many businesses have fallen for this scam.

How can you protect yourself and your business from this kind of attack?

Imagine you locked your house door but that other people had access to your key. It would be easy for them to break in and take your belongings. If you had MFA (Multi-Factor Authentication) or 2FA (2-Factor Authentication) on your house, it would be like someone trying to open your front door with a key but in order to turn the handle a text message gets sent to your mobile phone or secure app on your phone asking permission first. This extra layer of security is vital in protecting your valuable data.

Office 365 allows you to configure MFA or 2FA on your e-mail accounts. Once activated, you will be prompted to setup the second layer of authentication either by receving a text message, phone call or via a secure app.

If you have been the target of one of the scams or would like assistance in setting up MFA / 2FA on your Office 365 accounts, please contact us on 01522 282120 or via info@lincolnitsolutions.co.uk