4 July 2021

New vulnerability in Microsoft Windows 10 H2 and others ....

https://www.cert.ssi.gouv.fr/alerte/CERTFR-2021-ALE-014/


Remember to disable the Print Spooler in Services until something better is available.


Option 1 - Disable the Print Spooler service

If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled

Option 2 - Disable inbound remote printing through Group Policy

You can also configure the settings via Group Policy as follows: Computer Configuration / Administrative Templates / Printers

Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.
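To confirm that either option actually took effect on a machine, here is an added example (not part of the original post or the quoted article) that reports the Spooler service state and the policy value behind Option 2. The function name and the -Apply switch are hypothetical; it assumes an elevated Windows PowerShell 5.0 or later session (for the StartType property) and that the Option 2 policy is stored as the RegisterSpoolerRemoteRpcEndPoint registry value.

```powershell
# Added example: audit (and optionally apply) the two mitigations on the local machine.
# Run from an elevated PowerShell session.
param(
    [switch]$Apply   # hypothetical switch: apply Option 1 if the spooler is still enabled
)

# Option 2 ("Allow Print Spooler to accept client connections") is stored as:
#   RegisterSpoolerRemoteRpcEndPoint = 2 -> policy Disabled (inbound remote printing blocked)
#   RegisterSpoolerRemoteRpcEndPoint = 1 -> policy Enabled
#   value absent                         -> policy Not Configured
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$policyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerMitigationState {
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    # Returns $null when the key or value does not exist (policy not configured).
    $policy = (Get-ItemProperty -Path $policyKey -Name $policyName `
                   -ErrorAction SilentlyContinue).$policyName

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        ServiceStatus        = $svc.Status
        StartType            = $svc.StartType
        Option1Disabled      = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
        Option2RemoteBlocked = ($policy -eq 2)
    }
}

$state = Get-SpoolerMitigationState

if ($Apply -and -not $state.Option1Disabled) {
    # Same two commands as Option 1 above.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    $state = Get-SpoolerMitigationState   # re-read to confirm the change
}

$state | Format-List

# Non-zero exit code lets a scheduled task or inventory tool flag unmitigated hosts.
if (-not ($state.Option1Disabled -or $state.Option2RemoteBlocked)) {
    Write-Warning "Neither mitigation is in place on $($state.ComputerName)."
    exit 1
}
```

A service that is stopped but still set to Manual or Automatic is reported as not mitigated, because it can be started again on demand or at the next boot.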

CISA also advises disabling the Print Spooler service

In related news, CISA has also issued a notification on the PrintNightmare zero-day encouraging admins to disable the Windows Print Spooler service on servers not used for printing.

Per Microsoft's previous recommendations on how to mitigate risks on Domain controllers with Print spooler service running, the service should be disabled on all Domain Controllers and Active Directory admin systems via a Group Policy Object due to the increased exposure to attacks.

Since this service is enabled by default on most Windows clients and server platforms, the risk of future attacks actively targeting vulnerable systems is significant.

Until Microsoft releases PrintNightmare security updates, implementing the mitigations listed above is the easiest way to ensure that threat actors—and ransomware groups in particular—will not jump at the occasion to breach your network.

Update: Added info on PrintNightmare active exploitation.

https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigations-for-windows-printnightmare-zero-day-bug/

PS:

It is entirely possible to launch PowerShell from the MS-DOS command prompt, as I showed you in class: open cmd as administrator, then type: powershell
