Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2021-1675 PoC — Windows Print Spooler Remote Code Execution Vulnerability

Source
https://github.com/kougyokugentou/CVE-2021-1675
Associated Vulnerability
Title:Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-1675)
Description:Windows Print Spooler Remote Code Execution Vulnerability
Description
A small powershell script to disable print spooler service using desired state configuration
Readme
# CVE-2021-1675 - PrintNightmare DSC Mitigation (PowerShell)

> Kougyoku Gentou | July 1, 2021

----------------------------------------------------------

[CVE-2021-1675](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675) is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare."

The mitigation is to disable Print Spooler service. Well, most websites say to do this on Domain Controllers only, but realistically it should be done on bascially any Windows Server that is not a print server. So let's fix it! This is using Powershell and Desired State Configuration to stop and disable the print spooler service from all computers in OUs of your choice. You might need to change up some of the variables in the top of the script to fit your environment, but should be self-explanatory.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →