![]() Registry: HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start = 4.GPO: Security Settings -> System Services -> Print Spooler -> Disable.Thanks to Benjamin Delpy, there is an updated flow chart on the exploitability of this issue to determine if your systems are likely vulnerable. We've written up a blog post explaining the content of this repo and the information found. Please test all recommended fixes before rolling out to production as there may be unintended consequences as a result of these hardening changes. Please note that these rules may be circumvented - please patch as appropriate and disable the printer spooler service on domain controllers. This repo contains an EVTX sample of the CVE-2021-1675 & CVE-2021-34527 attack as well as a minimal Sysmon configuration file that can be used to generate the relevant telemetry. ![]() Therefore the workarounds listed below are still recommended. ![]() The patch has been confirmed to fix RCE however local priviledge escalation appears to not be patched as of yet. From Lares Labs: Detection & Remediation Information for CVE-2021-1675 & CVE-2021-34527 □ Patch released:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |