CISA Orders Agencies to Patch Microsoft ‘PrintNightmare’ Vulnerability JuSun/iStock.com email July 13, 2021 10:28 PM ET The flaw—which Microsoft said affects all versions of Windows—could allow an adversary to execute code on their victim’s system remotely. The Cybersecurity and Infrastructure Security Agency instructed federal agencies to disable Microsoft Windows’ Print Spooler service before midnight on Wednesday to avoid network compromise. “CISA has become aware of active exploitation, by multiple threat actors, of a vulnerability (CVE-2021-34527) in the Microsoft Windows Print Spooler service,” reads the emergency directive CISA issued Tuesday. “Exploitation of the vulnerability allows an attacker to remotely execute code with system level privileges enabling a threat actor to quickly compromise the entire identity infrastructure of a targeted organization. CISA has validated various proofs of concept and is concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated.”