
PrintNightmare (CVE-2021-34527) Zero Day Exploit on Windows Print Spooler Service.


Stephen Cohrs

Question

Hi there,

Forgive me ahead of time, I couldn't find the right forum for this issue. Most likely, I probably looked past it 3 times.

You all may have heard about the zero-day exploit "PrintNightmare" that allows an attacker to run code with SYSTEM privileges using the print spooler service if enabled. I work in an environment where we can't just stop the print spooler service. The attacker would drop a .dll file into the C:\Windows\System32\spool\drivers folder. They would then execute that code, getting access, and then could run anything they want with full user rights.

A workaround we found was to deny SYSTEM access to this file directory using an ACL.

The issue we are running into is that Citrix printing is failing. I believe that, the way Citrix sessions are built, it must rely on this drivers directory to create printers in the Citrix workspace created when the session is created.

I'm looking for any Citrix admins out there that have suggestions, or are dealing with the same issues regarding this zero-day.

Thanks for the help here, and let me know if you need additional information. Below is the link to Microsoft's customer guidance on this.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

-Stephen
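
For admins weighing the ACL workaround described in the question against its effect on session printing, the following is an added example (not part of the original post) that audits, applies or rolls back a Deny entry for SYSTEM on the spooler drivers directory. The denied rights (Modify), the inheritance flags and the backup file name are assumptions, since the post does not state them.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, apply or roll back a Deny ACE for SYSTEM on the spooler driver store.
param(
    [ValidateSet('Audit', 'Apply', 'Rollback')]
    [string]$Mode = 'Audit',
    [string]$Path = "$env:SystemRoot\System32\spool\drivers"
)

# S-1-5-18 is the well-known SID for LocalSystem; using the SID avoids localized account names.
$system = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'

# Assumption: the deny covers Modify rights and is inherited by subfolders and files.
$denyRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $system, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Deny')

function Get-SystemDenyAce {
    param([System.Security.AccessControl.DirectorySecurity]$Acl)
    # Explicit (non-inherited) entries only, with identities returned as SIDs.
    $Acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Deny' -and
                       $_.IdentityReference.Value -eq $system.Value }
}

$acl = Get-Acl -Path $Path
switch ($Mode) {
    'Audit' {
        $found = Get-SystemDenyAce $acl
        if ($found) { $found | Format-List FileSystemRights, InheritanceFlags, IsInherited }
        else { Write-Output "No explicit Deny ACE for SYSTEM on $Path" }
    }
    'Apply' {
        # Keep the original SDDL so the change can be reviewed or restored later
        # (hypothetical backup file name).
        $acl.Sddl | Set-Content -Path (Join-Path $env:TEMP 'spool-drivers-acl.sddl')
        $acl.AddAccessRule($denyRule)
        Set-Acl -Path $Path -AclObject $acl
    }
    'Rollback' {
        # Removes only the matching Deny ACE; other entries are left untouched.
        [void]$acl.RemoveAccessRule($denyRule)
        Set-Acl -Path $Path -AclObject $acl
    }
}
```

Running it in the default `Audit` mode on a session host shows whether the Deny entry is present before printer creation failures are investigated further.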
