Saturday, July 3, 2021

Print Spooler vulnerability PrintNightmare

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. 

An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. Attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

 Due to the possibility for exposure, domain controllers and Active Directory admin systems need to have the #Print #spooler service disabled. Do It now and save yourself from Print spooler vulnerability CVE-2021-34527 #printnightmare

see the flowchart to determine if you required to disable print spooler now


If disabling the Print Spooler service is appropriate for your organisation you can do the following way.

1. The recommended way to do this is using a Group Policy Object via

Computer Configuration > Administrative Templates > Printers >>

Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks 

 2. You can also use the following PowerShell commands:

 Stop-Service -Name Spooler -Force 

 Set-Service -Name Spooler -StartupType Disabled

 Good Luck. 

 #windows #printer #printnightmare


0 comments:

Post a Comment

Twitter Facebook Favorites More