Microsoft Identifies Vulnerability Impacting Windows Machines

On July 7, 2021, Microsoft released a security update to address a vulnerability impacting Windows-based (desktop and server) systems. Known as PrintNighmare, this vulnerability could allow an attacker to install programs, view, change, or delete data, or create new accounts with full user rights. At this time, macOS and Linux devices are not impacted.

Northwestern IT has notified University Technology Leaders and UNITS Representatives of the necessary steps to patch Windows devices immediately. Additionally, Northwestern’s primary endpoint security software, Crowdstrike, and Qualys can protect from and report on PrintNightmare and other critical vulnerabilities.

Impact on the Northwestern Community

IT Support Staff

Both Crowdstrike and Qualys are available to University-owned endpoints and servers for no additional cost to University schools and business units. IT support staff who have not fully deployed the Crowdstrike Falcon sensor and Qualys cloud agent to your unit’s endpoints and would like assistance should contact the Information Security Office at security@northwestern.edu.

Students, Faculty, and Staff

Please follow best practices for cybersecurity: keep your operating system, applications, and other software up-to-date, do not click suspicious links in email, use only secure, trusted networks (or the Northwestern VPN on public/untrusted networks), and do not open shared documents or email attachments unless you expect them and trust the person who sent them.  For more security tips, see Recognizing Phishing Attempts, Tips for Securing Your Devices, and NetID and Password Security on the Northwestern IT website.