Testing PrintNightmare Spooler Disable mitigation
Log In or Register to download the BES file, and more.

2 Votes


Property Details

ID26860
StatusAlpha - Code that was just developed
TitleTesting PrintNightmare Spooler Disable mitigation
DomainBESC
SourceInternal
Source Release Date7/1/2021 12:00:00 AM
Keywordstest vulnerability spooler print printnightmare
Added by on 7/1/2021 12:34:20 PM
Last Modified by on 7/1/2021 12:34:20 PM
Counters 828 Views / 41 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 1 rating. ** Log In or Register to add your rating.

Relevance

isWindows (Relevance 1172)
Used in 1135 fixlets and 535 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 1 fixlet   * Results in a true/false
Show indented relevance
product type of operating system != nt workstation product type /*optionally avoids desktops*/
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists services "spooler" whose (state of it = "Running" OR start type of it != "disabled")

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
wait sc.exe stop spooler
wait sc.exe config spooler start= disabled
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link Click here to see more information.
Script Type URL
https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability
    

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
MIke_Mills -
The current fixlets don't apply to all OS (like Server 2016) and don't correct the Credential Elevation issues. MS basically released beta-level partial fixes.
brolly33 -
Note - If you are looking for PrintNightmare, MS has released patches and Fixlets are available in regular Patch Fixlet sites.