Is SPP affected by the exploit "Print Nightmare" CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability?
More info:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attack must involve an authenticated user calling RpcAddPrinterDriverEx().
SPP disables the spooler service as part of the appliance initialization.
Extract from the logs:
[Information] Service "Spooler" start mode changed to "Disabled"
[Information] Stopping service "Spooler".
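One way to confirm the same state from an exported appliance log, as an added example that is not part of the original article or the product. It recognises only the two message formats shown in the extract above. The "ExampleSvc" line and the "Automatic" value are constructed sample data.

```python
import re

# Only the two message formats quoted in the log extract are recognised.
MODE_RE = re.compile(r'^\[\w+\] Service "([^"]+)" start mode changed to "([^"]+)"$')
STOP_RE = re.compile(r'^\[\w+\] Stopping service "([^"]+)"\.?$')

def spooler_state(lines, service="Spooler"):
    """Return (last logged start mode, whether a stop was logged) for service."""
    mode, stopped = None, False
    for raw in lines:
        line = raw.strip()
        m = MODE_RE.match(line)
        if m and m.group(1) == service:
            mode = m.group(2)      # later entries override earlier ones
            continue
        m = STOP_RE.match(line)
        if m and m.group(1) == service:
            stopped = True
    return mode, stopped

def spooler_mitigated(lines):
    """True only if the last start mode is Disabled and a stop was logged."""
    mode, stopped = spooler_state(lines)
    return mode == "Disabled" and stopped

# Constructed sample: the two Spooler lines are from the extract, the rest are made up.
SAMPLE_LOG = [
    '[Information] Service "ExampleSvc" start mode changed to "Manual"',
    '[Information] Service "Spooler" start mode changed to "Disabled"',
    '[Information] Stopping service "Spooler".',
]
# Constructed counter-example: start mode later changed away from Disabled.
REGRESSED_LOG = SAMPLE_LOG + [
    '[Information] Service "Spooler" start mode changed to "Automatic"',
]

if __name__ == "__main__":
    for name, log in (("sample", SAMPLE_LOG), ("regressed", REGRESSED_LOG)):
        print(name, spooler_state(log), "mitigated:", spooler_mitigated(log))
```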