CVE-2021-1675 PoC — Microsoft Windows Print Spooler Components 安全漏洞

Source

https://github.com/kougyokugentou/CVE-2021-1675

Associated Vulnerability

Title:Microsoft Windows Print Spooler Components 安全漏洞 (CVE-2021-1675)
Description:Microsoft Windows Print Spooler Components是美国微软（Microsoft）公司的一个打印后台处理程序组件。 Microsoft Windows Print Spooler Components存在安全漏洞。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for AR

Description

A small powershell script to disable print spooler service using desired state configuration

Readme

# CVE-2021-1675 - PrintNightmare DSC Mitigation (PowerShell)

> Kougyoku Gentou | July 1, 2021

----------------------------------------------------------

[CVE-2021-1675](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675) is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare."

The mitigation is to disable Print Spooler service. Well, most websites say to do this on Domain Controllers only, but realistically it should be done on bascially any Windows Server that is not a print server. So let's fix it! This is using Powershell and Desired State Configuration to stop and disable the print spooler service from all computers in OUs of your choice. You might need to change up some of the variables in the top of the script to fit your environment, but should be self-explanatory.

File Snapshot


 [4.0K]  /data/pocs/1bfb318727bcdda46134a2170f1643193c01c4d9
├── [1.4K]  Disable-PrintSpooler.ps1
└── [ 859]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!