零日漏洞PrintNightmare曝光：可在Windows后台执行远程代码

显示全部楼层 · 发表于 2021-7-1 11:59:08

中国安全公司深信服（Sangfor）近日发现了名为 PrintNightmare 的零日漏洞，允许黑客在补丁完善的 Windows Print Spooler 设备上获得完整的远程代码执行能力，该公司还发布了概念证明代码。

在 6 月补丁星期二活动日中，微软发布的安全累积更新中修复了一个类似的 Print Spooler 漏洞。但是对于已经打过补丁的 Windows Server 2019 设备，PrintNightmare 漏洞依然有效，并允许攻击者远程执行代码。

根据概念证明代码显示，黑客只需要一些（甚至是低权限）的网络凭证就可以利用该漏洞进行远程执行，而且这些凭证在暗网上只需要 3 美元就能买到。这意味着企业网络又极易受到（尤其是勒索软件）的攻击，安全研究人员建议企业禁用其 Windows Print Spoolers。

影响版本

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server, version 2004 (Server Core installation)

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Sys

显示全部楼层 · 发表于 2021-7-1 12:34:59

可怕

，不知道这个服务是不是默认开启的

显示全部楼层 · 发表于 2021-7-1 12:47:19

这个服务全部躺枪了吗

显示全部楼层 · 发表于 2021-7-1 14:28:36

不就是留后门被人发现了！美其名曰漏洞！

显示全部楼层 · 发表于 2021-7-1 16:44:58

只有 print spooler
没有 Windows print spoolers

显示全部楼层 · 发表于 2021-7-1 18:10:26

理论上来说只要把这个服务关掉就好了吧，对于服务器方面只要不是打印服务都是默认关闭的

[ＩＴ业界] 零日漏洞PrintNightmare曝光：可在Windows后台执行远程代码