IOC.exchange

0 posts0 participants0 posts today

Lukas Beran𝐇𝐎𝐖 𝐓𝐎 𝐃𝐈𝐒𝐀𝐁𝐋𝐄 𝐏𝐑𝐈𝐍𝐓 𝐒𝐏𝐎𝐎𝐋𝐄𝐑 𝐎𝐍 𝐃𝐎𝐌𝐀𝐈𝐍 𝐂𝐎𝐍𝐓𝐑𝐎𝐋𝐋𝐄𝐑𝐒Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.📺 Watch my YouTube video bellow on how to disable Print Spooler on Domain Controllers 👇 👇 <a href="https://youtu.be/O80HHKdnbcQ" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/O80HHKdnbcQ</a><a href="https://infosec.exchange/tags/cswlrd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cswlrd</a> <a href="https://infosec.exchange/tags/printspooler" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#printspooler</a> <a href="https://infosec.exchange/tags/domaincontrollers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#domaincontrollers</a> <a href="https://infosec.exchange/tags/printnightmare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#printnightmare</a> <a href="https://infosec.exchange/tags/videotutorial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#videotutorial</a>

Pyrzout :vm:PrintNightmare Aftermath: Windows Print Spooler is Better. What’s Next? – Source: www.darkreading.com <a href="https://ciso2ciso.com/printnightmare-aftermath-windows-print-spooler-is-better-whats-next-source-www-darkreading-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ciso2ciso.com/printnightmare-aftermath-windows-print-spooler-is-better-whats-next-source-www-darkreading-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/DarkReadingSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DarkReadingSecurity</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/PrintNightmare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrintNightmare</a> <a href="https://social.skynetcloud.site/tags/DARKReading" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DARKReading</a>

Just Another Blue TeamerHappy Monday everyone!I am sifting through the Cisco Talos Intelligence Group "Year In Review" report that was recently published and highlighting some of the things that I found useful/interesting from my perspective. Top Targeted Vulnerabilities: 7/10 of the top CVE's belonged to <a href="https://ioc.exchange/tags/Microsoft" class="mention hashtag" rel="tag">#Microsoft</a>. Now I am not pointing fingers, I think it is there simply because the vast majority of environments are Windows. What IS concerning is that there are multiple vulnerabilities that were being exploited that were either 10 years old or ALMOST 10 years old. 8/10 of the top CVE's had a score of 9 or above. One of these CVE's was CVE-2021-1675, which is a remote code execution vulnerability that exists when the Windows Print Spooler service improperly performs privileged file operations. One product of this vulnerability was the <a href="https://ioc.exchange/tags/PrintNightmare" class="mention hashtag" rel="tag">#PrintNightmare</a> exploit that was leveraged by the <a href="https://ioc.exchange/tags/Magniber" class="mention hashtag" rel="tag">#Magniber</a> ransomware group.Stay tuned for more as we work our way through this report! Enjoy and Happy Hunting!<a href="https://blog.talosintelligence.com/talos-year-in-review-2022/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://blog.talosintelligence.com/talos-year-in-review-2022/</a>

dispatchMicrosoft Patch Tuesday, August 2021 Edition <a href="https://krebsonsecurity.com/2021/08/microsoft-patch-tuesday-august-2021-edition/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://krebsonsecurity.com/2021/08/microsoft-patch-tuesday-august-2021-edition/</a> <a href="https://ioc.exchange/tags/TrendMicroZeroDayInitiative" class="mention hashtag" rel="tag">#TrendMicroZeroDayInitiative</a> <a href="https://ioc.exchange/tags/sansinternetstormcenter" class="mention hashtag" rel="tag">#sansinternetstormcenter</a> <a href="https://ioc.exchange/tags/PatchTuesdayAugust2021" class="mention hashtag" rel="tag">#PatchTuesdayAugust2021</a> <a href="https://ioc.exchange/tags/WindowsUpdateMedic" class="mention hashtag" rel="tag">#WindowsUpdateMedic</a> <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-26424 <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-34481 <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-34535 <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-36936 <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-36948 <a href="https://ioc.exchange/tags/PrintNightmare" class="mention hashtag" rel="tag">#PrintNightmare</a> <a href="https://ioc.exchange/tags/ImmersiveLabs" class="mention hashtag" rel="tag">#ImmersiveLabs</a> <a href="https://ioc.exchange/tags/AskWoody" class="mention hashtag" rel="tag">#AskWoody</a>.com <a href="https://ioc.exchange/tags/DustinChilds" class="mention hashtag" rel="tag">#DustinChilds</a> <a href="https://ioc.exchange/tags/TimetoPatch" class="mention hashtag" rel="tag">#TimetoPatch</a> <a href="https://ioc.exchange/tags/KevinBreen" class="mention hashtag" rel="tag">#KevinBreen</a>

dispatchMicrosoft Patch Tuesday, July 2021 Edition <a href="https://krebsonsecurity.com/2021/07/microsoft-patch-tuesday-july-2021-edition/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://krebsonsecurity.com/2021/07/microsoft-patch-tuesday-july-2021-edition/</a> <a href="https://ioc.exchange/tags/MicrosoftPatchTuesdayJuly2021" class="mention hashtag" rel="tag">#MicrosoftPatchTuesdayJuly2021</a> <a href="https://ioc.exchange/tags/ChadMcNaughton" class="mention hashtag" rel="tag">#ChadMcNaughton</a> <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-31979 <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-33771 <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-34448 <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-34458 <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-34473 <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-34494 <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-34523 <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-34527 <a href="https://ioc.exchange/tags/PrintNightmare" class="mention hashtag" rel="tag">#PrintNightmare</a> <a href="https://ioc.exchange/tags/Windowsupdates" class="mention hashtag" rel="tag">#Windowsupdates</a> <a href="https://ioc.exchange/tags/SecurityTools" class="mention hashtag" rel="tag">#SecurityTools</a> <a href="https://ioc.exchange/tags/SatnamNarang" class="mention hashtag" rel="tag">#SatnamNarang</a> <a href="https://ioc.exchange/tags/TimetoPatch" class="mention hashtag" rel="tag">#TimetoPatch</a> <a href="https://ioc.exchange/tags/Automox" class="mention hashtag" rel="tag">#Automox</a> <a href="https://ioc.exchange/tags/Tenable" class="mention hashtag" rel="tag">#Tenable</a>

dispatchMicrosoft Issues Emergency Patch for Windows Flaw <a href="https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/</a> <a href="https://ioc.exchange/tags/LatestWarnings" class="mention hashtag" rel="tag">#LatestWarnings</a> <a href="https://ioc.exchange/tags/CVE" class="mention hashtag" rel="tag">#CVE</a>-2021-34527 <a href="https://ioc.exchange/tags/PrintNightmare" class="mention hashtag" rel="tag">#PrintNightmare</a> <a href="https://ioc.exchange/tags/SecurityTools" class="mention hashtag" rel="tag">#SecurityTools</a> <a href="https://ioc.exchange/tags/SatnamNarang" class="mention hashtag" rel="tag">#SatnamNarang</a> <a href="https://ioc.exchange/tags/TimetoPatch" class="mention hashtag" rel="tag">#TimetoPatch</a> <a href="https://ioc.exchange/tags/KB5004945" class="mention hashtag" rel="tag">#KB5004945</a> <a href="https://ioc.exchange/tags/Tenable" class="mention hashtag" rel="tag">#Tenable</a>

dispatchPrintNightmare zero day exploit for Windows is in the wild – what you need to know <a href="https://grahamcluley.com/printnightmare-zero-day-exploit/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://grahamcluley.com/printnightmare-zero-day-exploit/</a> <a href="https://ioc.exchange/tags/PrintNightmare" class="mention hashtag" rel="tag">#PrintNightmare</a> <a href="https://ioc.exchange/tags/Vulnerability" class="mention hashtag" rel="tag">#Vulnerability</a> <a href="https://ioc.exchange/tags/vulnerability" class="mention hashtag" rel="tag">#vulnerability</a> <a href="https://ioc.exchange/tags/Microsoft" class="mention hashtag" rel="tag">#Microsoft</a> <a href="https://ioc.exchange/tags/Malware" class="mention hashtag" rel="tag">#Malware</a> <a href="https://ioc.exchange/tags/printer" class="mention hashtag" rel="tag">#printer</a> <a href="https://ioc.exchange/tags/ZeroDay" class="mention hashtag" rel="tag">#ZeroDay</a>

Recent searches

Search options

Administered by:

Server stats:

#printnightmare