CVE-2021-34527 (CVE-2021-1675) PrintNightmare – Detection by SIEM Guide

CVE-2021-1675

Overview

The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system. (Source: https://www.kb.cert.org/vuls/id/383432)

Guide to detect by SIEM:

GPO: Verify the Event logs are enabled:

Microsoft-Windows-SMBClient/Security
Microsoft-Windows-PrintService/Admin
Microsoft-Windows-PrintService/Operational

WEF: Configure the WEF subscription […]
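The GPO step above, as an added example that is not part of the original guide: a PowerShell check, run on an endpoint, that the three listed channels exist and are enabled before anything is forwarded to the SIEM. It uses the built-in Get-WinEvent cmdlet; the report column names and the exit code are choices made for this example.

```powershell
# Added example: audit the three event channels named in the GPO step on the local host.
$channels = @(
    'Microsoft-Windows-SMBClient/Security',
    'Microsoft-Windows-PrintService/Admin',
    'Microsoft-Windows-PrintService/Operational'   # disabled by default on Windows
)

$report = foreach ($name in $channels) {
    try {
        # -ListLog returns the channel configuration, not its events
        $log = Get-WinEvent -ListLog $name -ErrorAction Stop
        [pscustomobject]@{
            Channel   = $name
            Present   = $true
            Enabled   = $log.IsEnabled
            MaxSizeMB = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
            Records   = $log.RecordCount
        }
    } catch {
        # Channel is not registered on this host
        [pscustomobject]@{
            Channel   = $name
            Present   = $false
            Enabled   = $false
            MaxSizeMB = $null
            Records   = $null
        }
    }
}

$report | Format-Table -AutoSize

# Exit non-zero so a scheduled task or configuration-management run can flag the host
$notEnabled = @($report | Where-Object { -not $_.Enabled })
if ($notEnabled.Count -gt 0) {
    Write-Warning ('Not enabled: ' + ($notEnabled.Channel -join ', '))
    # To enable one channel locally from an elevated prompt
    # (the GPO remains the authoritative setting):
    #   wevtutil sl "<channel name>" /e:true
    exit 1
}
```

A channel that reports Enabled but shows zero records and a small MaxSizeMB is worth a second look, since events can roll over before the WEF subscription collects them.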