H3-2020-0029¶

Print Spooler Service on Domain Controller Enabled

Description¶

The Print Spooler service is responsible for managing printers and print jobs on that server. This service can be abused by an attacker with low-privilege domain credentials to escalate their privileges to Domain Administrator in certain situations.

Impact¶

Attackers can use this misconfiguration alongside other misconfigurations to escalate privileges from a regular user to a Domain Administrator and compromise the entire domain.

References¶

• Microsoft Print Spooler Security Comments
• Example Attack Chain
• NVD: CVE-2021-34527