CVE-2021-34527 (CVE-2021-1675) PrintNightmare – Detection by SIEM Guide


Overview The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system. (Source: Guide to detect by SIEM: GPO: Verify the Event logs are enabled: Microsoft-Windows-SMBClient/Security Microsoft-Windows-PrintService/Admin Microsoft-Windows-PrintService/Operational WEF: Configure the WEF subscription […]