In the Windows print queue (from Windows 7 on) is a vulnrebility to be found, Microsoft alerts users about the CVE-2021-34527 vulnerability called "PrintNightmare". it enables attackers to... Microsoft warns about new vulnerability "PrintNightmare"
I am on Win 10, I only have "Allow Print Spooler to accept client connections" so have disabled that instead.
its disabled by default, unless you're sharing a wired printer amongst your local network. This exploit requires the installation of a compromised printer driver in the first place, it cannot be exploited simply by having client connections available. (or other trojan exploit) If your print domain is already infected, this exploit allows clients to be easily infected since the infected driver will be added to the print server store, clients could pull it down by clicking on or trying to print to it.
I think is more MS that should be speedier in fixin or disabling the policy with an update if they know the research came from an external lab
How has MS not figured out yet that the reason their OS has always been plagued with security issues is because they keep opening up access to everything?
My understanding is that end users who have patched via WIndows Update in June are already protected/mitigated from this. The current issue is with businesses running Active Directory and so that will be patched soon. Meanwhile, there are mitigation workarounds to address this for business IT admins. Please correct me if I am wrong about this.
printer spool service? i have had that "manual" for decades i only turn it on when I actual need to print something, and I almost never do that. which manybe 3 times year? if that and i turn right off after doing so. I knew there was reason why I turn off printer spool
another printer/spooler thing exploit wasn't that already a problem like 10 years ago (quick search found me 2010-2012-2013 already...) edit: thx tsunami completely forgot to do it when I installed my current pc from scratch
I also have no use for printing services and have always disabled Printer Spool from way back as well as the other 2 printer services in Win10.
they aren't, because of a still ongoing microsoft habbit of adding authenticated users to domain services.
Thank you. I hate when a vulnerability is just blurted out without any background or explanation from the very basic. It should include the extent of the vulnerabilities including vectors along with solutions or work arounds.
