Microsoft has issued another security advisory regarding a new vulnerability in the Windows Print Spooler feature. An attacker can take advantage of this vulnerability to execute code with administrat... Microsoft security advisory - new vulnerability in the Windows Print Spooler feature.
I always do disable the printer spooler because I never use a printer, so it's a useless use of resources. All those processes for printing should be able to be removed from the install of a fresh copy of Windows.
It doesn't require an exploited system, it just requires you to have access to a system. Phishing a regular user, even initiating a TeamViewer session with a regular payroll or maintenance or whatever employee will get you the access you need to take over the entire domain. If you can get logged in via any means as anyone, you can make it happen. It's a big big big flaw.
It requires a trojan-compromised administrator-level account that can add compromised spool drivers. A standard user cannot add or remove spool drivers; the only way a standard user is getting a compromised driver is by having a print server up the line serving a compromised driver to client systems. This exploit is not browse-by or remotely triggerable without a trojan already permitting privilege escalation. PS: once you have physical access to the machine, the accounts mean little,
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958 Where do you see that it requires physical access, or a trojan? And it doesn't have to be a compromised print server on the network, it can just be a public facing print server you control. I did get my print nightmares mixed up otherwise. This is only local escalation, not domain like before. Aside from that though idk where you got your information.
As stated in the article from that link: Local If you expand you will see the following: Which is pure logic when you have deeper insight into Windows and its service stack, so Astyanax is completely correct with his claims.
It literally says "remotely or via user interaction." It does not say physical access is required. Physical access means you need to solder, or remove, or short, or do something physical to the machine that you can ONLY do when there... It doesn't mean manipulate the keyboard, guys, come on, what is this? https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17099 This is an example of an attack requiring PHYSICAL ACCESS, you can see because the Vector says PHYSICAL. Local and physical are different.
Still don't care that printer spool service has been disabled for 15+ years and has been turned on maybe 10 in that time.
Thank you for basically misunderstanding what you've read but confirming it anyway. The print server must already be exploited locally, via trojan or ignorant user believing a tech support scam to serve clients a malformed driver allowing access into the clients remotely.
And yet, they want to release Windows 365? That's stupid. You might want to think twice about using it in a Chrome built browser.
Why even comment then? In an enterprise environment, the print spooler is used for everything from network printing to PDFs, and even Adobe updates rely on the print spooler. Those are obviously going to be the targets, not people like you. In this type of environment, just turning off the print spooler is not an acceptable solution.
If your print spooler is exploited, your IT is a moron. Please comprehend before responding. The print server has to be actively exploited before this attack can be used.