16.07.2021

Print Nightmare:

We continue to implement all of Microsoft's recommended actions regarding Print Spooler vulnerabilities. For most servers, the vulnerabilities known as PrintNightmare are now secured through a combination of measures. The rest will be updated during the coming weekend.

However, on July 15, a new serious vulnerability in Print Spooler was announced: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481

We therefore continue to monitor this CVE on an ongoing basis. If this vulnerability escalates further before Microsoft offers a fix, we remind our customers that one possible measure may be to shut down the print feature.

Exploiting the vulnerability requires a logged-in user account. We therefore re-emphasize the importance of all users examining emails, attachments, etc. carefully before opening them, to avoid compromise.

Case:

We have so far not detected any compromise of Kaseya after conducting all analyses recommended by the supplier and other security sources. We continue to implement all recommended security measures before reopening the service. In addition, we have decided to implement our own expanded measures to ensure that reopening and further operations can take place with the least possible risk.

The measures take some time to verify. We therefore ask for your understanding that the reopening is postponed until next week.

12.07.2021

New update about Windows:

Braathe Gruppen has updated servers with the security update Microsoft has released so far. It is expected that Microsoft will soon release a new update that fixes technical errors with label printers. When this is available, all systems will be updated again, continuously.

NOTE: The update is considered an "Urgent Update". It will therefore be installed outside the normal service window (Thursday evenings) and will result in a restart of the server. The restart will then be scheduled for the evening or night. If your organization has special requirements for when the restart can take place, please contact support@braathe.no

12.07.2021

Kaseya has now launched a security update to address known vulnerabilities. In addition, there are expanded capabilities for scanning and monitoring the security of Kaseya servers.

Braathe Gruppen is in the process of testing and evaluating these and other security improvements. At the same time, we make our own risk assessments that will form the basis for reopening the services. If we do not encounter any new concerns along the way, we assume the Kaseya service will be activated again during the week.

Stay tuned https://status.braathe.no/
We update the case continuously. Remember that you can subscribe to notification via e-mail on our status page.

02.07.2021


Kaseya
We are still working to get the systems back up, and follow all advice and recommendations from Kaseya. We have also performed a scan of the systems to detect any compromises. As of now, we have no indication of compromises. Finally, we are awaiting a security fix from Kaseya; until then the solution will remain disabled.

Print
Microsoft has released a security update for all systems. We encourage all customers to update their systems through Windows Update. We have also seen that some label printers may stop working after a security update. If your business is dependent on label printers, please contact us at support@braathe.no for further assistance.


07.07.2021

Microsoft has begun releasing patches that help solve the challenges. We encourage all our customers to follow and update via Windows Update. Read the FAQ for updates via Windows Update here.

All systems managed by us will be continuously updated. If you have any questions, please contact us.


05.07.2021


Kaseya REvil

We continue to monitor the situation and apply measures following advice from Kaseya. There is currently no permanent solution in place. Until further notice we will keep the servers turned off.

PrintNightmare

We continue to monitor the situation. Recommended vulnerability measures from well-known security sources and manufacturers are being implemented on an ongoing basis, pending a final security update from Microsoft.


02.07.2021

  1. Event
    On 1.7.2021, it became clear that a vulnerability had been identified in Windows Print Spooler that applies to all versions of Windows on both Server and PC.
    The vulnerability has been nicknamed "Print Nightmare" and under given conditions, the vulnerability could allow malicious code to run with elevated privileges (System) on the local computer.
    Further descriptions of the vulnerability can be found here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
  2. Consequences
    As of 2.7.2021 at 09, no successful attacks related to the vulnerability have been observed on Braathe Gruppen systems.
  3. Immediate action
    Braathe Gruppen implemented measures from approx. 15:00 on 1.7.2021 and into the evening. Measures were implemented in accordance with available advice from security sources.
    Common infrastructure as well as dedicated customer systems were reviewed with regard to advice on stopping Print Spooler and disabling it on relevant systems as preventive measures. This was completed during the evening.
    It was not considered necessary to stop Print Spooler which would affect actual printing for end users or customers' professional applications. This is monitored with regard to well-known security sources and will be reassessed on an ongoing basis.
  4. Further measures
    The situation is continuously monitored by relevant security sources and manufacturers. Further measures will be implemented in accordance with the current advice from security sources and manufacturers.
    As soon as Microsoft releases security updates that address the vulnerability, Braathe Gruppen will implement these updates.
  5. FAQ
    1. Should I stop the Print Spooler service on my clients and servers?
      Currently Braathe Gruppen sees no need to stop the Print Spooler service at the parent level. However, this advice may change as the situation changes.
      Braathe Gruppen has prepared solutions to stop Print Spooler on various systems including end users' PCs.
      Braathe Gruppen may stop Print Spooler for customers on request. In practice, all printing will then be stopped for the Customer's systems. The customer must assess the effect of this.
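
One way to carry out the review described in items 3 and 5 above, as an added example that is not Braathe Gruppen's own tooling: it reports Print Spooler state per host and, only when asked, stops and disables the service on hosts that share no printers. The host names, the `-Disable` switch, and the "no shared printers" rule are assumptions for illustration, and PowerShell remoting is assumed to be enabled.

```powershell
# Added example, not Braathe Gruppen's tooling. Host names are constructed samples.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$ComputerName = @('srv-app01', 'srv-file01'),
    [switch]$Disable   # without this switch the script only reports
)

# Collect Spooler state and the number of shared printers from each host.
$report = Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue `
    -ErrorVariable unreachable -ScriptBlock {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
        # Get-Printer fails when Spooler is already stopped; count that as zero.
        $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared).Count
        [pscustomobject]@{
            State          = $svc.State       # Running / Stopped
            StartMode      = $svc.StartMode   # Auto / Manual / Disabled
            SharedPrinters = $shared
        }
    }

# Hosts that could not be reached are reported, never silently skipped.
foreach ($e in $unreachable) { Write-Warning "Not audited: $e" }

foreach ($r in $report) {
    # Assumption: a host with shared printers is a print server and keeps Spooler.
    $candidate = $r.SharedPrinters -eq 0 -and $r.StartMode -ne 'Disabled'
    if ($Disable -and $candidate -and
        $PSCmdlet.ShouldProcess($r.PSComputerName, 'Stop and disable Print Spooler')) {
        Invoke-Command -ComputerName $r.PSComputerName -ScriptBlock {
            Stop-Service -Name Spooler -Force
            Set-Service -Name Spooler -StartupType Disabled
        }
    }
}

# The table shows the state as collected, before any change made above.
$report | Sort-Object PSComputerName |
    Format-Table PSComputerName, State, StartMode, SharedPrinters
```

Run it without `-Disable` first to get the inventory; adding `-WhatIf` to a `-Disable` run lists the hosts that would be changed without touching them.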


01.07.2021

A vulnerability has recently been discovered in Windows that could allow remote code execution. The vulnerability is classified as critical as someone with malicious intent may use it to take over Windows computers (PCs and servers) and distribute malicious software through the network.

Technically, the vulnerability exploits a weakness in Windows Print Spooler, and since this component has also been previously exposed, the vulnerability is called PrintNightmare. We are working diligently to close the security hole, but for now the general recommendation is to stop and deactivate the print spooler service as soon as possible.

Attacks can typically be started through seemingly innocent emails, and we must therefore be proactive and wish to alert you to the following:

  • Pay extra attention to emails you receive (also notify your organization).
  • There may be a need to stop and disable spooler services on servers without further notice.
  • Other measures will be considered on an ongoing basis.
