This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempt to exploit a remote code execution vulnerability in Print Spooler Service
Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler Service. The Print Spooler Service manages the printing process, including spooling and scheduling print jobs.
Microsoft Windows is prone to a remote code-execution vulnerability because the Print Spooler Service fails to adequately restrict the locations where users have permissions to print to a file.
A remote attacker can exploit this issue to execute code with SYSTEM-level privileges. Local attackers able to submit print jobs can exploit this issue to gain elevated privileges.
NOTE: To exploit this issue, an attacker must have permissions to submit print jobs on the vulnerable system. Guest access to shared print services is enabled by default on Windows XP; later systems will require the attacker to authenticate to the server, or require the server to be configured to allow anonymous access.