Has anybody received any information from Sophos regarding https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/ and whether they have a detection and/or prevention solution via InterceptX?
Most small businesses will only have one server that acts as a domain controller, a file server and a print server so they are particularity vulnerable to this.
And for those organizations disabling the print spooler (effectively stopping all printing in its tracks) is highly impractical.
Please share if you have information about how to mitigate this on networks with InterceptX and/or XG at the perimeter.
Thanks,
Christian
This thread was automatically locked due to age.
