In my latest blog post “Vulnerability advisory: PrintNightmare/CVE-2021-34527 Zero-day Exploit Code Available – What to do now?” I recommended enabling monitoring with Windows Event Logs or Sysmon logging. Since many small and medium businesses lack the ability to aggregate, search and alert on Windows Event Logs, I want to propose a simple yet effective manual way for these businesses to search the domain with PowerShell until a patch is available.
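As an added example of the kind of manual, domain-wide search the post proposes (this is not code from the original post), the script below enumerates computers from Active Directory and pulls Print Spooler events from each host with Get-WinEvent. The log names and event IDs (316 "driver added or updated" in the Operational log, 808 "failed to load a plug-in module" in the Admin log) are commonly used indicators for driver-installation attempts and are assumptions of this example, not taken from the post; the Operational log is disabled by default and has to be turned on before it yields anything.

```powershell
# Added example, not the post's own code. Assumptions: the RSAT ActiveDirectory module is
# installed, the running account can read event logs remotely (RPC/WinRM reachable), and
# Microsoft-Windows-PrintService/Operational has been enabled on the hosts (off by default).
# Event IDs 316 and 808 are assumed indicators, not identifiers taken from the post.
param(
    [int]$HoursBack = 24,
    [string]$OutFile = "printservice-events.csv"
)

Import-Module ActiveDirectory

$since = (Get-Date).AddHours(-$HoursBack)

# Enumerate enabled Windows hosts in the domain.
$computers = Get-ADComputer -Filter "Enabled -eq 'True' -and OperatingSystem -like '*Windows*'" -Properties OperatingSystem |
    Select-Object -ExpandProperty Name

# One filter per log: 316 = printer driver added or updated, 808 = spooler failed to load a plug-in module.
$filters = @(
    @{ LogName = 'Microsoft-Windows-PrintService/Operational'; Id = 316; StartTime = $since },
    @{ LogName = 'Microsoft-Windows-PrintService/Admin';       Id = 808; StartTime = $since }
)

$results = foreach ($computer in $computers) {
    foreach ($filter in $filters) {
        try {
            Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop |
                Select-Object @{ n = 'Computer'; e = { $computer } }, TimeCreated, Id, LogName, Message
        }
        catch {
            # Get-WinEvent reports "no events found" as an error; only surface real failures
            # (host unreachable, access denied, log not present) so they can be followed up.
            if ($_.Exception.Message -notmatch 'No events were found') {
                Write-Warning "$computer ($($filter.LogName)): $($_.Exception.Message)"
            }
        }
    }
}

# Keep the full result set for later review, then show the events that deserve a closer look:
# any 808 (a DLL the spooler could not load), and 316 events that name a DLL outside the
# normal driver store, e.g. under a UNC path, a Temp directory or a user profile (heuristic).
$results | Export-Csv -NoTypeInformation -Path $OutFile

$flagged = $results | Where-Object {
    $_.Id -eq 808 -or ($_.Id -eq 316 -and $_.Message -match '\\\\|\\Temp\\|\\Users\\')
}
$flagged | Sort-Object TimeCreated | Format-Table Computer, TimeCreated, Id, LogName -AutoSize
```

Run it from a workstation with the RSAT tools as a domain account that is a local Event Log Reader (or administrator) on the targets; a host that throws "RPC server is unavailable" usually has the Remote Event Log Management firewall rule disabled rather than anything suspicious, and a host that throws "log not found" for the Operational channel has not had that log enabled yet.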
What has happened?
With the June 2021 security update Microsoft fixed a vulnerability (CVE-2021-1675) in the Windows Print Spooler service that allowed local privilege escalation (LPE) and remote code execution (RCE).
On June 29th exploit code for this vulnerability was published by a security researcher as a PoC, but it was quickly removed once it became clear that the vulnerability the PoC exploits is not the one Microsoft had fixed. Unfortunately the PoC code was already being actively shared at that point. So for now, we have a 0-day RCE in the Windows Print Spooler service for which exploit code is available.