It has come to light that there is a Remote Code Execution exploit for fully-patched Windows Servers.
A full explanation can be found in the following article:
https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/
Is there any reason why the Print Spooler service cannot be stopped & disabled on a Windows Server running DataMiner? I don’t think so, but thought that I’d ask.
No problem, you can safely disable this service on a DataMiner Agent.
PS: I believe the problem only exists on domain controllers.
PPS: Nice catch! You are very much up to date on security, which is good! We’ve already disabled this on our domain controllers as well!
Thanks for this Bert. Microsoft has now raised https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 for this issue.
Under the FAQ on this page, it says “The code that contains the vulnerability is in all versions of Windows. We are still investigating whether all versions are exploitable. We will update this CVE when that information is evident.”
We’ve therefore taken the approach of disabling the Print Spooler on all our DataMiner Agent (and other!) Windows Servers.
Thanks for the link! I’ll forward this to our security team!
In meantime an emergency patch has been made available by Microsoft. Make sure you install the latest updates!
Thanks for sharing that Alex, very useful for the community to be aware of this kind of vulnerabilities.