关联漏洞
标题:
Microsoft Windows Print Spooler Components 安全漏洞
(CVE-2021-34527)
描述:Microsoft Windows Print Spooler Components是美国微软(Microsoft)公司的一个打印后台处理程序组件。 Microsoft Windows Print Spooler Components 存在安全漏洞,攻击者可以通过该漏洞绕过PfcAddPrinterDriver的安全验证,并在打印服务器中安装恶意的驱动程序。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1
描述
Fix for PrintNightmare CVE-2021-34527
介绍
# Printnightmare
Fix for PrintNightmare CVE-2021-34527
## Run disable-spooler.ps1 file as administrator to disable spooler
```
powershell.exe -executionpolicy bypass -file .\disable-spooler.ps1
```
## For batch disabling, make a server list with the names of all your servers (e.g. serverlist.txt) and run the file disable-spooler.cmd as administrator to disable the spooler on all your servers
```
powershell.exe -executionpolicy bypass -file .\disable-spooler.cmd
```
## Run deny-drivers.ps1 file as administrator to prevent exploits from being installed
```
powershell.exe -executionpolicy bypass -file .\deny-drivers.ps1
```
## Run the allow-drivers.ps1 file as administrator to reactivate driver installation
```
powershell.exe -executionpolicy bypass -file .\allow-drivers.ps1
```
文件快照
[4.0K] /data/pocs/bc324c248a60d6d77704d68ab1da7a15cdbb3a40
├── [ 285] allow-drivers.ps1
├── [ 282] deny-drivers.ps1
├── [ 574] disable-spooler.cmd
├── [ 148] disable-spooler.ps1
├── [1.0K] LICENSE
├── [138K] PrintNightmare.png
├── [ 900] README.md
└── [ 36] serverlist.txt
0 directories, 8 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。