Defender for Identity detects PrintNightmare vulnerability, reducing risk for Print Spooler
Microsoft helped Defender for Identity detect the PrintNightmare exploit to help the Security Operations team detect hacker attacks.
According to Daniel Naim, Microsoft program manager, Defender for Identity can now detect exploits of the Print Spooler service using the PrintNightmare vulnerability (CVE-2,021-34.527) and help prevent attacks inside the networks of Microsoft servers. organization.
If successfully exploited, this critical vulnerability grants Domain Administrator elevated privileges, steals domain credentials, and distributes malware as a Domain Administrator via RCE, with SYSTEM privileges. This allows an attacker to take over the affected servers.
Microsoft Defender for Identity (formerly known as Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that uses on-premises Active Directory signals.
This enables SecOps security operations teams to detect and investigate compromised identities, advanced threats, and malicious insider activity targeting registered organizations.
You need to subscribe to the Microsoft 365 E5 plan to use Defender for Identity. But if you haven't signed up yet, you can get a trial of Security E5 now to power this new feature.
Last week, Microsoft clarified the PrintNightmare patch guide and shared the steps needed to patch the critical vulnerability correctly after some security researchers discovered the patch could still be "barred". .
CISA also requires federal agencies to mitigate the actively exploited PrintNightmare vulnerability on their networks.
Defender for Identity was updated in November to detect the Zerologon exploit as part of on-premises attacks targeting this critical vulnerability.
Microsoft will roll out another update later this month that will allow SecOps to thwart attack attempts by locking down compromised users' Active Directory accounts.
- What is 'Spooler SubSystem App' and why run on the computer?
- Discover more ways to attack the printing system in Windows
- How to Run Windows Defender Offline
- How to fix Print Spooler Error on the printer
- Fix Printer Spooler error code 0x800706b9 on Windows 10
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- How to turn off the Windows Defender Summary notification on Windows 10
- Microsoft Defender ATP detects jailbroken Apple devices