Recently, a vulnerability was discovered in Windows' “Print Spooler” function, which has been categorised as a critical security vulnerability.
The vulnerability, when successfully exploited, works by tricking the affected computer into copying a malicious library (DLL) file into its print system. This DLL file is then executed, compromising the system and giving the attacker full administrative privileges across the machine; in the case of a Windows Domain Controller, this means full access to everything across the network. That's bad.
Microsoft are working on a patch, but their current advice is to disable the Print Spooler, which is great if you've reached the nirvana of the paperless office, but a bit of a problem for everyone else.
Although the biggest risk is on servers, and specifically domain controller servers, this vulnerability exists in all versions of Windows.
You can find more information on the issue and Microsoft’s current guidance here:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Response from Aabyss for our clients
We have already taken action to mitigate the risk posed by this vulnerability - we have disabled the access permission to the specific folder in Windows that the Print Spooler uses to store drivers.
Doing this, rather than disabling the Print Spooler, means that users can continue to print, but updating print drivers and installing new printers will be more complex. We are hoping that Microsoft will release a patch very soon, which will mean we can reverse our mitigation.
If you don't work with us already
Hopefully this information is useful to you. If you work with an MSP, check with them if they have taken steps to mitigate. If you don't, but you have the function to run scripts, we based our response on this guidance, and you should be able to use it to mitigate in the way we have for our clients.
If you don't have a function to run scripts, your best course of action is to disable the Print Spooler function on all of your servers, starting with your domain controllers.
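For anyone who can run PowerShell, the "disable the Print Spooler, domain controllers first" step can be done from one admin workstation. The script below is an added example, not the script we deployed for clients; it assumes PowerShell remoting (WinRM) is enabled on the targets, and the function name and the server names in the usage comment are placeholders.

```powershell
# Added example: stop and disable the Print Spooler on a list of servers,
# handling domain controllers before member servers.
# Assumptions: WinRM is enabled on the targets and you run this as an administrator.
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName   # your own server names
    )

    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = member server
    $targets = foreach ($name in $ComputerName) {
        try {
            $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $name -ErrorAction Stop
            [pscustomobject]@{ Name = $name; IsDC = ($os.ProductType -eq 2) }
        } catch {
            Write-Warning "$name : could not query role ($($_.Exception.Message))"
        }
    }

    # Sorting a boolean in descending order puts the domain controllers first
    foreach ($t in ($targets | Sort-Object -Property IsDC -Descending)) {
        if (-not $PSCmdlet.ShouldProcess($t.Name, 'Stop and disable the Spooler service')) { continue }
        try {
            Invoke-Command -ComputerName $t.Name -ErrorAction Stop -ScriptBlock {
                Stop-Service -Name Spooler -Force -ErrorAction Stop
                Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
                Get-Service -Name Spooler | Select-Object Status, StartType
            } | ForEach-Object {
                # One result row per server so the outcome can be reviewed or exported
                [pscustomobject]@{
                    Computer         = $t.Name
                    DomainController = $t.IsDC
                    Status           = "$($_.Status)"
                    StartType        = "$($_.StartType)"
                }
            }
        } catch {
            Write-Warning "$($t.Name) : spooler not disabled ($($_.Exception.Message))"
        }
    }
}

# Preview what would change, then run without -WhatIf (placeholder names):
# Disable-PrintSpooler -ComputerName 'DC01','FS01' -WhatIf
```

Once a patch is installed, setting the service back to `Automatic` with `Set-Service` and starting it again restores printing.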