• leaked windows print spooler exploit

    From Big Bad Bob@21:1/5 to All on Thu Jul 1 05:55:54 2021
    https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/

    "An infosec firm accidentally published a proof-of-concept exploit for a critical Windows print spooler vulnerability that can be abused by rogue
    users to compromise Active Directory domain controllers."

    "The security hole, tracked as CVE-2021-1675, can be exploited by a
    low-privileged user to execute code as an administrator on a system
    running the print spooler service. Initially Microsoft classified it as
    a local privilege escalation flaw in June's Patch Tuesday run of Windows
    updates – but on 21 June that classification was upped to describe it as
    a remote-code execution vuln meaning it can be pulled off over a network."

    "by lightly tweaking the proof-of-concept code circulating in the wild,
    a malicious or compromised domain-authenticated user could execute code
    at the SYSTEM level on, say, a domain controller via the vulnerable
    Windows Print Spooler service running on that box. That's bad news."

    "CVE-2021-1675 affects Windows Server 2008, Server 2012, Server 2016,
    Server 2019, Windows RT, and desktop OSes 7, 8, and 10."

    "Informed infosec people" <snip> "have suggested sysadmins should
    disable the Windows print spool service on domain controllers as an
    immediate mitigation. Some have claimed the Patch Tuesday mitigation
    doesn't work."

    "It works from any domain user to exploit any network server using print spooler service, which is enabled by default on domain controllers."

    The most severe vulnerability was given the nickname "PrintNightmare".
    P.O.C. code was inadvertently posted to GitHub, then deleted a day or so
    later [but too late, it had been forked and circulated already].

    The article recommends immediately patching *AND* disabling the print
    spooler service on affected Windows systems.


    --
    (aka 'Bombastic Bob' in case you wondered)

    'Feeling with my fingers, and thinking with my brain' - me

    'your story is so touching, but it sounds just like a lie'
    "Straighten up and fly right"

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
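
The mitigation mentioned in the post above (disabling the print spooler service, in particular on domain controllers), as an added example that is not part of the original post or the linked article. It reports the Spooler service state on each named host and only changes anything when `-Disable` is given. The parameter names are this example's own, and remote hosts are assumed to accept CIM/WinRM connections from the account running it.

```powershell
# Added example: audit, and optionally disable, the Print Spooler service.
# Assumption: remote hosts allow CIM (WinRM) connections for the current account.
[CmdletBinding()]
param(
    # Hosts to check; defaults to the local machine. For domain controllers, pass
    # e.g. (Get-ADDomainController -Filter *).HostName (ActiveDirectory module).
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    # Without this switch the script only reports and changes nothing.
    [switch]$Disable
)

foreach ($computer in $ComputerName) {
    # Query the local machine directly so WinRM is not required for it.
    $target = @{}
    if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }

    try {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" `
                               -ErrorAction Stop @target
    } catch {
        [pscustomobject]@{ Computer = $computer; State = 'unreachable'
                           StartMode = $null; Action = $_.Exception.Message }
        continue
    }
    if (-not $svc) {
        [pscustomobject]@{ Computer = $computer; State = 'not installed'
                           StartMode = $null; Action = 'none' }
        continue
    }

    $action = 'none'
    if ($Disable -and ($svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Disabled')) {
        # Stop the running service first, then prevent it from starting at boot.
        if ($svc.State -ne 'Stopped') {
            Invoke-CimMethod -InputObject $svc -MethodName StopService @target | Out-Null
        }
        $result = Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode `
                                   -Arguments @{ StartMode = 'Disabled' } @target
        $action = if ($result.ReturnValue -eq 0) { 'disabled' }
                  else { "ChangeStartMode returned $($result.ReturnValue)" }
        # Re-read the service so the report shows the state after the change.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" @target
    }

    [pscustomobject]@{ Computer = $computer; State = $svc.State
                       StartMode = $svc.StartMode; Action = $action }
}
```

Any host still reporting `Running` or a start mode other than `Disabled` has the spooler available; disabling it also stops printing on and through that machine.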
  • From Big Bad Bob@21:1/5 to Big Bad Bob on Tue Sep 21 09:55:51 2021
    On 2021-07-01 05:55, Big Bad Bob wrote:
    https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/

    "An infosec firm accidentally published a proof-of-concept exploit for a critical Windows print spooler vulnerability that can be abused by rogue users to compromise Active Directory domain controllers."

    Here's some patch info for this vuln back from July (I just noticed this):

    https://techbriefly.com/2021/07/08/microsoft-releases-a-patch-to-close-the-print-nightmare-vulnerability-for-all-windows-versions-from-windows-7-onwards/

    It includes some (incomplete) patching for 7.
