Bad news for the Windows server admins, it would appear that at zero day exploit has surfaced that is extraordinary bad if you have Domain Controllers with the print-spooler service running (eg. printer role). The exploit allow an attacker to execute code as system via a normal domain user account. As of this post there is no patch available.

Potential Mitigation

Stop and disable the “Printer Spooler” service on servers where it is not required (especially DC’s).

Read more here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675

and here: https://www.theverge.com/2021/7/2/22560435/microsoft-printnightmare-windows-print-spooler-service-vulnerability-exploit-0-day

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.