If you have the "Print Spooler" service enabled (which is the default), it means that anyone with access can execute code as SYSTEM against the Windows domain controller. At present, there is no patch from Microsoft. So take a break from your vacation and turn off the service immediately.
Exploitation of CVE-2021-1675 could give remote attackers full control of vulnerable systems. To achieve RCE, attackers would need to target a user authenticated to the spooler service. Without authentication, the flaw could be exploited to elevate privileges, making this vulnerability a valuable link in an attack chain.
comment_7752If you have the "Print Spooler" service enabled (which is the default), it means that anyone with access can execute code as SYSTEM against the Windows domain controller. At present, there is no patch from Microsoft. So take a break from your vacation and turn off the service immediately.
From Tenable's blog:
More information from Microsoft: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675
View full article
Link to comment
https://beta.jimiwikman.se/forums/topic/7465-article-serious-vulnerability-in-windows-print-spooler-print-nightmare/Share on other sites