Windows Print Spooler Vulnerability (aka “PrintNightmare” Zero Day)

July 2, 2021 Katie McCullough, OneNeck CISO

The PrintNightmare Zero Day vulnerability allows attackers with a local presence on a device to execute malicious code that exploits the flaw in the Windows Print Spooler service, granting SYSTEM access. Specifically, an attacker can exploit the vulnerability by placing the exploit DLL in a subdirectory under “C:\Windows\System32\spool\drivers”. Microsoft’s notification for this vulnerability can be found here:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

Windows operating systems that run the Windows Print Spooler service by default can be exploited via local access to the endpoint. This vulnerability has been classified with a local attack vector, which means that an attacker would theoretically need to have authenticated to the device running the exploitable Windows Print Spooler service. Per Microsoft’s recommendation, customers should prioritize assessing the need for print spooling on domain controllers.

The recommended mitigations to this known vulnerability include the following:

  • Stop and disable the Windows Print Spooler service on machines that do not require it.
  • For the systems that require the Windows Print Spooler service to be running, enable the PrintService-Operational event logging.
  • For the systems that do require the Windows Print Spooler service to be running, ensure they are not exposed to the internet.
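
The first two mitigations, applied to the local machine in PowerShell (an added example, not from the original post or from Microsoft). The `-PrintingRequired` switch is a hypothetical parameter, and the script assumes an elevated session.

```powershell
# Added example: applies the spooler mitigations listed above to this machine.
# Assumption: run from an elevated PowerShell session.
param(
    # Hypothetical switch: set it when this machine must keep printing.
    [switch]$PrintingRequired
)

$logName = 'Microsoft-Windows-PrintService/Operational'
$spooler = Get-Service -Name Spooler -ErrorAction Stop

# Win32_OperatingSystem.ProductType 2 means domain controller, the role the
# advisory says to assess first.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ($os.ProductType -eq 2 -and $PrintingRequired) {
    Write-Warning 'Domain controller: confirm that print spooling is really needed here.'
}

if (-not $PrintingRequired) {
    # Mitigation 1: stop the service and prevent it from starting again.
    if ($spooler.Status -ne 'Stopped') {
        Stop-Service -Name Spooler -Force
    }
    Set-Service -Name Spooler -StartupType Disabled
}
else {
    # Mitigation 2: keep the service, but turn on the PrintService
    # operational log so spooler activity is recorded for review.
    $log = New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration $logName
    if (-not $log.IsEnabled) {
        $log.IsEnabled = $true
        $log.SaveChanges()
    }
}

# Report the resulting state so the change can be recorded per host.
[pscustomobject]@{
    Computer              = $env:COMPUTERNAME
    IsDomainController    = ($os.ProductType -eq 2)
    SpoolerStatus         = (Get-Service -Name Spooler).Status
    SpoolerStartType      = (Get-Service -Name Spooler).StartType
    OperationalLogEnabled = (Get-WinEvent -ListLog $logName).IsEnabled
}
```

The third mitigation, keeping spooler hosts off the internet, is a network-level control and is not checked by this script.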

This is an evolving situation and we will continue to provide updates as they become available.

If you have questions, your OneNeck team is here to help. OneNeck customers, please contact the OneNeck Service Desk at 800-272-3077.

This post Windows Print Spooler Vulnerability (aka “PrintNightmare” Zero Day) first appeared on OneNeck.
