Defender for Identity detects PrintNightmare vulnerability, reducing risk for Print Spooler
According to Daniel Naim, Microsoft program manager, Defender for Identity can now detect exploits of the Print Spooler service using the PrintNightmare vulnerability (CVE-2,021-34.527) and help prevent attacks inside the networks of Microsoft servers. organization.
If successfully exploited, this critical vulnerability grants Domain Administrator elevated privileges, steals domain credentials, and distributes malware as a Domain Administrator via RCE, with SYSTEM privileges. This allows an attacker to take over the affected servers.
Microsoft Defender for Identity (formerly known as Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that uses on-premises Active Directory signals.
This enables SecOps security operations teams to detect and investigate compromised identities, advanced threats, and malicious insider activity targeting registered organizations.
You need to subscribe to the Microsoft 365 E5 plan to use Defender for Identity. But if you haven't signed up yet, you can get a trial of Security E5 now to power this new feature.
Last week, Microsoft clarified the PrintNightmare patch guide and shared the steps needed to patch the critical vulnerability correctly after some security researchers discovered the patch could still be "barred". .
CISA also requires federal agencies to mitigate the actively exploited PrintNightmare vulnerability on their networks.
Defender for Identity was updated in November to detect the Zerologon exploit as part of on-premises attacks targeting this critical vulnerability.
Microsoft will roll out another update later this month that will allow SecOps to thwart attack attempts by locking down compromised users' Active Directory accounts.
You should read it
- PrintNightMare vulnerability patch is flawed, attackers can still 'break through'
- Steps to disable Print Spooler on Windows 10
- Steps to fix PrintNightmare vulnerability on Windows 10
- What is 'Spooler SubSystem App' and why run on the computer?
- How to fix Print Spooler Error on the printer
- How to restart the Print Spooler service on Windows
- Fix Printer Spooler error code 0x800706b9 on Windows 10
- Discover more ways to attack the printing system in Windows
- Fix the spooler print service service not running on Windows 10, 8.1, 7
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- How to Fixed error 0x0000011b could not be printed when printing over the network
- AMD CPUs also have security vulnerabilities that have existed for many years now!
Maybe you are interested
Here's everything Microsoft knows about your PC!
How to enable Extension Performance Detector in Microsoft Edge
Microsoft: TPM 2.0 in Windows 11 is mandatory and 'non-negotiable'
New Microsoft 365 Attack Can Break 2FA
Microsoft still recommends 15-year-old backup solution for Windows 11 and 10 users
How to disable custom scroll bars on Microsoft Edge