New vulnerability in Microsoft Windows 10 H2 and others ....
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2021-ALE-014/
Remember to disable the print spooler in Services until something better is available
Option 1 - Disable the Print Spooler service
If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
Option 2 - Disable inbound remote printing through Group Policy
You can also configure the settings via Group Policy as follows: Computer Configuration / Administrative Templates / Printers
Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.
CISA also advises disabling the Print Spooler service
In related news, CISA has also issued a notification on the PrintNightmare zero-day encouraging admins to disable the Windows Print Spooler service on servers not used for printing.
Per Microsoft's previous recommendations on how to mitigate risks on Domain controllers with Print spooler service running, the service should be disabled on all Domain Controllers and Active Directory admin systems via a Group Policy Object due to the increased exposure to attacks.
Since this service is enabled by default on most Windows clients and server platforms, the risk of future attacks actively targeting vulnerable systems is significant.
Until Microsoft releases PrintNightmare security updates, implementing the mitigations listed above is the easiest way to ensure that threat actors—and ransomware groups in particular—will not jump at the occasion to breach your network.
Update: Added info on PrintNightmare active exploitation.
https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigations-for-windows-printnightmare-zero-day-bug/
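To confirm that Option 1 or Option 2 above is actually in place on a machine, a read-only check can be run from an elevated PowerShell prompt. This is an added example, not part of the quoted article: the function name Get-SpoolerMitigationStatus is hypothetical, and it assumes the Option 2 policy is read from the registry value RegisterSpoolerRemoteRpcEndPoint (1 = enabled, 2 = disabled).

```powershell
# Added example: read-only audit of the two mitigations described above.
# Nothing is changed on the system; the function only reports state.
function Get-SpoolerMitigationStatus {
    # Option 1: the Spooler service should be stopped AND disabled,
    # otherwise it comes back at the next reboot or on demand.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if ($null -eq $svc) {
        $state = 'NotInstalled'
        $startMode = 'NotInstalled'
        $serviceOff = $true
    } else {
        $state = $svc.State          # Running / Stopped
        $startMode = $svc.StartMode  # Auto / Manual / Disabled
        $serviceOff = ($state -eq 'Stopped' -and $startMode -eq 'Disabled')
    }

    # Option 2: policy "Allow Print Spooler to accept client connections".
    # A missing value means the policy is not configured.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $prop = Get-ItemProperty -Path $key -Name RegisterSpoolerRemoteRpcEndPoint `
                             -ErrorAction SilentlyContinue
    $raw = $null
    if ($null -ne $prop) { $raw = $prop.RegisterSpoolerRemoteRpcEndPoint }
    switch ($raw) {
        2       { $policy = 'Disabled' }
        1       { $policy = 'Enabled' }
        default { $policy = 'NotConfigured' }
    }
    $remoteBlocked = ($policy -eq 'Disabled')

    [PSCustomObject]@{
        ComputerName            = $env:COMPUTERNAME
        SpoolerState            = $state
        SpoolerStartMode        = $startMode
        RemoteConnectionsPolicy = $policy
        Option1Applied          = $serviceOff
        Option2Applied          = $remoteBlocked
        Mitigated               = ($serviceOff -or $remoteBlocked)
    }
}

Get-SpoolerMitigationStatus | Format-List
```

A machine where Mitigated is False has neither option applied and still accepts the spooler's default configuration.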
PS:
It is entirely possible to launch PowerShell from the MS-DOS command prompt, as I showed you in class: open cmd as administrator, then type: powershell