Windows Print Spooler Vulnerability PrintNightmare Zero Day

The PrintNightmare Zero Day vulnerability allows attackers with a local presence on a device to execute malicious code that exploits the flaw in the Windows Print Spooler service, granting SYSTEM access. Specifically, an attacker can exploit the vulnerability by placing the exploit DLL in a subdirectory under “C:WindowsSystem32spooldrivers”. Microsoft notification for this vulnerability can be found here:

Windows operating systems that run the Windows Print Spooler service by default can be exploited via local access to the endpoint. This vulnerability has been classified with a local attack vector, which means that an attacker would theoretically need to have had authenticated to the device running the exploitable Windows Print Spooler service. Per Microsoft’s recommendation customer should prioritize assessing the need for print spooling on domain controllers.

The recommended mitigations to this known vulnerability include the following:

  • Stop and disable the Windows Print Spooler service on machines that do not require it
  • For the systems that require the Windows Print Spooler service to be running, enable the PrintService-Operational event logging
  • For the systems that do require the Windows Print Spooler service to be running ensure they are not exposed to the internet.

This is an evolving situation and we will continue to provide updates as they become available.

If you have questions, your OneNeck team is here to help. OneNeck customers, please contact the OneNeck Service Desk at 800-272-3077.

Additional Resources:

Get In Touch

Call Us

For general inquiries, call: 855.ONENECK

Immediate Assistance

Managed services support: 800.272.3077
Non-managed service support: 515.334.5755
Or visit our service desk:
Service Desk Portal

Chat With Us

Hours available: 24/7
Start a Chat

OneNeck Headquarters

525 Junction Road
Madison, WI 53717
View All Locations

Talk to Our Team