Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527 "Print Nightmare Exploit" (4328758)

Chatee ahora con Soporte

Regresar

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Título

Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527 "Print Nightmare Exploit"
Descripción

Is SPP affected by the exploit "Print Nightmare" CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability?
More info:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Causa

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attack must involve an authenticated user calling RpcAddPrinterDriverEx().
Resolución

SPP disables the spooler service as part of the appliance initialization.
Extract from the logs:
[Information] Service "Spooler" start mode changed to "Disabled"
[Information] Stopping service "Spooler".

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Contenido recomendado

Producto(s):: One Identity Safeguard for Privileged Passwords
6.13.1, 6.13, 6.0.13 LTS, 6.12.1, 6.12, 6.0.12 LTS, 6.11.1, 6.11, 6.10.1, 6.10, 6.9.x, 6.8, 6.0.7 LTS, 6.7.3, 6.7.2, 6.7.1, 6.7, 6.6

Título