PrintNightmare detection and prevention

Question

Has anybody received any information from Sophos regarding https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/ and whether they have a detection and/or prevention solution via InterceptX? 
 
 Most small businesses will only have one server that acts as a domain controller, a file server and a print server so they are particularity vulnerable to this. 
 
 And for those organizations disabling the print spooler (effectively stopping all printing in its tracks) is highly impractical. 
 
 Please share if you have information about how to mitigate this on networks with InterceptX and/or XG at the perimeter. 
 
 Thanks, 
 Christian

GlennSen · Answer

Hi Christian, 
 Thank you for reaching us. Our team is already aware of this exploit. This has been observed as a Bug from Microsoft. You may refer to this Forum from our NakedSecurity for more Information and remediation about the said exploit,

Yashraj S · Answer

Hi Christian Nancy , 
 A new blog has also been published on Sophos Community regarding this - https://community.sophos.com/b/security-blog/posts/advisory-printnightmare-the-zero-day-hole-in-windows

PrintNightmare detection and prevention

Top Replies