Exploit: PrintNightmare

Here we go again, a new PoC is in the wild and it’s attacking your print spooler!!

The lastest update from Microsoft does not patch this and even Windows 7 to Windows 2019 is vulnerable.

Mitigation:

Stop the spooler on all devices not needing it, especially DC’s!

Restrict access to print servers with firewall rules.

Run theese commands in your RMM or logon scripts.

Command prompt: net stop spooler && sc config spooler start=disabled
PowerShell prompt: Stop-Service -Name Spooler -Force Set-Service -Name Spooler -StartupType Disabled

Source:

Zero day for every supported Windows OS version in the wild — PrintNightmare | by Kevin Beaumont | Jul, 2021 | DoublePulsar

PoC exploit accidentally leaks for dangerous Windows PrintNightmare bug – The Record by Recorded Future

PrintNightmare, Critical Windows Print Spooler Vulnerability | CISA

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close