#PrintNightmare. Well, it seems like the best strategy for the | Vulnerability Management and more

#PrintNightmare. Well, it seems like the best strategy for the servers is to still shut down the service:

"Mimikatz creator Benjamin Delpy said the problem relates to the Point and Print function, which is designed to allow a Windows client to create a connection to a remote printer with first requiring installation media.

That effectively means an authenticated user could still gain administrator-level privileges on a machine running the Print Spooler service to run arbitrary code.

Most concerning is that this vulnerability could put servers running Windows domain controllers at risk, effectively giving attackers the keys to the kingdom to compromise enterprise networks with ransomware or other malicious code."

And for desktops, additional hardening will be needed:

“Point and Print is not directly related to this vulnerability, but the technology weakens the local security posture in such a way that exploitation will be possible,” it admitted. “To disallow Point and Print for non-administrators make sure that warning and elevation prompts are shown for printer installs and updates.”

Vulnerability Management and more

👨‍🦯 1.79K
Technologies Blogs

Vulnerability assessment, IT compliance management, security automation and other beautiful stuff. Discussion group for this channel: @avleonovchat. PM me @leonov_av...

Join
▲ Vote (1)

#PrintNightmare. Well, it seems like the best strategy for the | Vulnerability Management and more

Login