Critical System Protection

 View Only
Back to Library

Microsoft Print Spooler Service Impersonation Vulnerability Exploitation and Prevention Part 2 

Jan 14, 2012 03:25 PM

In Microsoft Print Spooler Service Impersonation Vulnerability Exploitation and Prevention Part 1, I explained How to exploit Microsoft Print Spooler Service Impersonation Vulnerability. In next part i will show you how to prevent Microsoft Print Spooler Service Impersonation Vulnerability with Symantec Critical System Protection.

Microsoft Print Spooler Service Impersonation Vulnerability Prevention with SCSP

 

1) I logged into my SCSP Server. Click on Prevention Tab -->  Policies.
 
2) I create one policy named Spoolss Exploit Prevention to prevent Microsoft Print Spooler Service Vulnerability in Windows.
 
    
 
3) Right Click on Policy and Click Apply policy.
 
    
 
4) Select Agent and Click on Next. Now I am Appling a Prevention Policy on Our target machine.
 
    
 
5) SCSP Prevention is enabled on Windows XP machine
 
    
 
6) Attacker used the same exploit and Payload which he used in Part 1.
 
7) Exploit sends one request to Victim Machine for printing.
 
    
 
8) But this time Attacker failed to exploit the same vulnerability on Victim Machine.
 
    
 
It means SCSP Prevents Our Unpatched System from Microsoft Print Spooler Service Impersonation Vulnerability.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.