ArcGIS Online

Printnightmare and Kayseya Ransomware Cyberattacks

Esri products are not vulnerable to either of these widely known issues, however your organization will want to ensure your systems are configured appropriately to minimize risk.

On July 13, 2021 CISA issued an Emergency Directive 21-04 for mitigating a Windows Print Spooler service vulnerability CVE-2021-34527, referred to as the Printnightmare.  We avoid providing an announcement for every event that we are not vulnerable to, however when we see a significant number of customers ask, we provide a Trust Center announcement.   For ArcGIS Online and Esri MCS, the Windows Print Spooler service is not enabled due to enforcing security hardening of systems and is therefore not vulnerable to CVE-2021-34527.  For our company operations, we have proactively implemented the recommended mitigation measures.  For COTS products, ArcGIS Enterprise does not have a dependency on the print spooler service. Customers are advised to disable the print spooler service as part of standard hardening guidance for public facing web servers, apply the Microsoft security update across operations and restrict the ability to install print drivers on a print server to administrators only – See emergency directive for further details.

Lastly, we continue to have some customers ask about the Kayseya Ransomware Cyberattack relative to our offerings.  Esri does not utilize Kayseya as part of our operations and was therefore not exposed to this attack.  If you are a Kayseya customer, please follow the latest vendor and industry ransomware guidance.

 

 

References:

Leave a Reply

Please Login to comment

Next Article

What’s new in ArcGIS for SharePoint - July 2021

Read this article