Lansweeper print nightmare
8/28/2023

The PrintNightmare vulnerability allows attackers to obtain full SYSTEM privileges by using a normal domain user account. Additionally, it can also lead to remote code execution with the highest privileges. The new-and-unpatched bug is now widely being described by the nickname PrintNightmare. It's a Windows Print Spooler Remote Code Execution Vulnerability, just like CVE-2021-1675, but it's not prevented by the latest Patch Tuesday update.

First, make sure you have applied the July and August monthly updates. Next, make sure you properly understand the risk profile of this vulnerability: the attacker must already have credentials of at least one regular user in the network to perform the local privilege escalation or remote code execution attack successfully.

The first mitigation is to disable the spooler service in Windows, which can be accomplished by executing the following commands in an elevated PowerShell prompt:

    Set-Service -Name Spooler -StartupType Disabled

The second mitigation is to disable inbound remote printing through Group Policy. You can also configure the settings via Group Policy as follows: Computer Configuration / Administrative Templates / Printers.

The third mitigation is to make sure that the Group Policy setting “Computer Configuration -> Administrative Templates -> Network -> Lanman Workstation -> Enable insecure guest logons” is disabled. This ensures that the server cannot access guest shares. This will NOT protect against the exploit itself. However, it does prevent exploit attempts that set up a guest share to distribute the malicious DLL.

The fourth mitigation is to segment the network in a way that does not allow regular users to interact with systems that require the print spooler service.

If you have a large network and need to determine which endpoints are vulnerable, you can scan entire subnets for the vulnerability using this tool.

Since this story keeps on giving, I would advise you to refer to mimispool’s documentation for additional mitigation.
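
The first three mitigations can be checked on a host with a read-only audit such as the one below. This is an added example, not code from the original post: the helper name `Get-PolicyValue` is hypothetical, the script assumes Windows PowerShell 5.1 or later (for the `StartType` property), and it reads the registry values that back the two Group Policy settings named above.

```powershell
# Added example: read-only audit of the three host-level mitigations.
# Run in an elevated PowerShell prompt on the machine being checked.

function Get-PolicyValue {
    # Hypothetical helper: returns $null when the key or value is absent,
    # which corresponds to the policy being "Not Configured".
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Format-Observed {
    param($Value)
    if ($null -eq $Value) { 'not configured' } else { "$Value" }
}

$spooler   = Get-Service -Name Spooler -ErrorAction SilentlyContinue
# Policy "Allow Print Spooler to accept client connections": 2 = disabled.
$remoteRpc = Get-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers' `
                             'RegisterSpoolerRemoteRpcEndPoint'
# Policy "Enable insecure guest logons": 0 = disabled.
$guestAuth = Get-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation' `
                             'AllowInsecureGuestAuth'

# Setting the startup type to Disabled does not stop a spooler that is
# already running, so both the start type and the current status are checked.
$spoolerOff = ($null -eq $spooler) -or
              ($spooler.StartType -eq 'Disabled' -and $spooler.Status -eq 'Stopped')
$spoolerObs = if ($null -eq $spooler) { 'service not present' }
              else { "StartType=$($spooler.StartType), Status=$($spooler.Status)" }

$results = @(
    [pscustomobject]@{
        Mitigation = '1. Spooler service disabled and stopped'
        Observed   = $spoolerObs
        Pass       = $spoolerOff
    }
    [pscustomobject]@{
        Mitigation = '2. Inbound remote printing disabled by policy'
        Observed   = Format-Observed $remoteRpc
        Pass       = ($remoteRpc -eq 2)
    }
    [pscustomobject]@{
        Mitigation = '3. Insecure guest logons disabled by policy'
        Observed   = Format-Observed $guestAuth
        Pass       = ($guestAuth -eq 0)
    }
)

$results | Format-Table -AutoSize
```

A "not configured" result for items 2 or 3 means the host falls back to its operating-system default rather than an enforced policy, so the script reports it as a failure.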