Bad Zero-Day MS Exploit

Forum for things that doesn't really have anything to do with hMailServer. Such as php.ini, beer, etc etc.
Post Reply
palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Bad Zero-Day MS Exploit

Post by palinka » 2021-07-03 03:49

https://www.bleepingcomputer.com/news/s ... o-day-bug/

CVE-2021-34527 allows attackers to take over affected servers via remote code execution with SYSTEM privileges as it enables them to install programs, view, change, or delete data, and create new accounts with full user rights.

Mitigation:
Option 1 - Disable the Print Spooler service

If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled

Option 2 - Disable inbound remote printing through Group Policy

You can also configure the settings via Group Policy as follows: Computer Configuration / Administrative Templates / Printers

Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.

Post Reply