A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.
An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. Attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Due to the possibility for exposure, domain controllers and Active Directory admin systems need to have the #Print #spooler service disabled. Do It now and save yourself from Print spooler vulnerability CVE-2021-34527 #printnightmare
see the flowchart to determine if you required to disable print spooler now
If disabling the Print Spooler service is appropriate for your organisation you can do the following way.
1. The recommended way to do this is using a Group Policy Object via
Computer Configuration > Administrative Templates > Printers >>
Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks
2. You can also use the following PowerShell commands:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
Good Luck.
#windows #printer #printnightmare
0 comments:
Post a Comment