Old Windows print spooler bug is latest target of Russia's Fancy Bear gang

Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence. Redmond's threat hunters on Monday published findings from the team's investigation into the …

  1. jake Silver badge

    Who is the perv ...

    ... at the keyhole looking at Winnie The Pooh using the toilet?

  2. Ball boy Silver badge

    Additionally, Redmond suggests disabling print spooler on domain controllers, since this service isn't required for domain controller operations anyway.

    This implies the spooler is enabled by default. If Redmond were really leaving such services running during the initial setup of a DC, may I assume they have since reviewed this rather short-sighted practice and current versions of their installer only enable services a DC needs to have running - or at least presents the instalee (is that a word?) with a list of services to start or block so they can make an informed choice about which holes they want poked through their attack surface.

    1. Anonymous Coward

      Not saying it's right in any way but

      Sure, it's an issue and it wouldn't be a terrible idea to disable it automatically when a box is DCPromo'd (is that even still a thing?) or at least make it something that you have to opt in to enable.

      But there are plenty of orgs out there with small enough environments that their main/only server does everything inc. DC and print so as a problem, it's always going to be there.

      1. 42656e4d203239 Silver badge

        Re: Not saying it's right in any way but

        (is that even still a thing?)

        Yup. Sure is.

        main/only server does everything inc. DC and print so as a problem, it's always going to be there.

        If they are that small perhaps they should use the two VM Hyper-V license they get with Windows and have one VM being the DC, the other doing everything else? DCs should DC and nothing else - I know many don't, even on larger networks where the admin/configuration people should know better.

        1. Anonymous Coward

          Re: Not saying it's right in any way but

          It's a lot more efficient to run one copy of the operating system and multiple services on it, than to run multiple copies of the operating system and only one service on each.

          This point was lost on a lot of people when VMs became cool.
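  The mitigation discussed in this thread, disabling the Print Spooler service on domain controllers, can be audited and applied with a short script. The following is an added example written for this page; it is not code from Microsoft, The Register, or any commenter. It assumes an elevated PowerShell session on a Windows Server host, and the fleet-wide audit at the end assumes the ActiveDirectory module (RSAT) is installed and WinRM is enabled on the DCs; the function and parameter names are the author's own choice.

```powershell
# Added example: report, and optionally disable, the Print Spooler service on a
# domain controller. Run from an elevated PowerShell session.

function Test-SpoolerOnDomainController {
    [CmdletBinding()]
    param(
        # Hypothetical switch: without it the function only reports state.
        [switch]$Disable
    )

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDC = $role -in 4, 5

    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Host = $env:COMPUTERNAME; IsDC = $isDC; Spooler = 'NotInstalled'; StartType = 'n/a' }
    }

    if ($isDC -and $Disable -and $svc.StartType -ne 'Disabled') {
        # Stop the service now and prevent it from starting at boot.
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
        $svc = Get-Service -Name Spooler
    }
    elseif ($isDC -and $svc.StartType -ne 'Disabled') {
        Write-Warning "$env:COMPUTERNAME is a domain controller with Print Spooler enabled; rerun with -Disable to turn it off"
    }

    [pscustomobject]@{
        Host      = $env:COMPUTERNAME
        IsDC      = $isDC
        Spooler   = $svc.Status
        StartType = $svc.StartType
    }
}

# Local check (report only):
Test-SpoolerOnDomainController | Format-Table -AutoSize

# Fleet-wide audit of every DC in the domain (assumes RSAT + WinRM):
# Get-ADDomainController -Filter * |
#     ForEach-Object { Invoke-Command -ComputerName $_.HostName -ScriptBlock ${function:Test-SpoolerOnDomainController} } |
#     Format-Table Host, IsDC, Spooler, StartType -AutoSize
```

  The report-only default matches how a defender would use it: find DCs where the spooler is still running before changing anything, then apply `-Disable` once the small-shop caveat raised above (a single box doing DC and print duty) has been ruled out for each host.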

  3. Hubert Cumberdale Silver badge

    They should really fix that bug in the spooler where it seems all but impossible to cancel a print job sometimes...

  4. sgj100

    Wayzgoose

    Nice to see that the GRU are up on archaic English traditions. Perhaps they read about it in the same guide book as their compatriots boned up on Salisbury Cathedral.

    A wayzgoose was at one time an entertainment given by a master printer to his workmen each year on or about St Bartholomew's Day.
