𝐇𝐎𝐖 𝐓𝐎 𝐃𝐈𝐒𝐀𝐁𝐋𝐄 𝐏𝐑𝐈𝐍𝐓 𝐒𝐏𝐎𝐎𝐋𝐄𝐑 𝐎𝐍 𝐃𝐎𝐌𝐀𝐈𝐍 𝐂𝐎𝐍𝐓𝐑𝐎𝐋𝐋𝐄𝐑𝐒

Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.

Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.

The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.

But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.

📺 Watch my YouTube video bellow on how to disable Print Spooler on Domain Controllers 👇 👇
https://youtu.be/O80HHKdnbcQ

#cswlrd #printspooler #domaincontrollers #printnightmare #videotutorial

Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.

Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.

The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.

But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.

📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐏𝐚𝐭𝐫𝐞𝐨𝐧 (English)
https://www.patreon.com/posts/how-to-disable-106780220?utm_medium=clipboard_copy&utm_source=copyLink&utm_campaign=postshare_creator&utm_content=join_link

📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐅𝐨𝐫𝐞𝐧𝐝𝐨𝐫𝐬 (Czech)
https://www.forendors.cz/p/39ff110621ce2c644f22b4208dbd07d4

📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐇𝐞𝐫𝐨𝐡𝐞𝐫𝐨 (Czech)
https://herohero.co/cswrld/post/bceroxowdykkdetywahfshfeaca

👍Share, like, comment!

#video #tutorial #cswrld #printspooler #printnightmare

How to Disable Print Spooler on Domain Controller: https://www.alitajran.com/disable-print-spooler-domain-controller/

#printspooler #windows #domaincontroller

Do you have Print Spooler enabled on your Domain Controllers? Do you know that the PrintNightmare critical vulnerability was related to the Print Spooler service?

Print Spooler should be disabled on Domain Controllers completely. You can easily disable it via GPO. #cybersecurity #tip #ad #dc #printspooler #printnightmare https://www.cswrld.com/2023/12/how-to-disable-print-spooler-on-domain-controllers/

Sometimes to just have to.... 🏴‍☠️🦜🏴‍☠️🦜 The Day. /Sarcasm /SargasamSea 🚢🚤

#PrintSpooler 🖨️ ☣️📉😳

📢 For this month patch Tuesday we got Microsoft Signed Drivers Being Used maliciously, a print spooler privilege escalation, AD privileged escalation and a SPNEGO RCE and more.

The first one should really trigger your update schedule and don't forget to hunt for the #IoC published by Mandant, Sophos and others in the #security community.

#patchtuesday #microsoft #AD #printspooler

▫️https://msrc.microsoft.com/update-guide/vulnerability/ADV220005
▫️https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
▫️https://news.sophos.com/en-us/2022/12/13/signed-driver-malware-moves-up-the-software-trust-chain/
▫️https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44681
▫️https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38042
▫️https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958