#PrintSpooler

Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations

April 23, 2024 by Xynik

April 23, 2024 at 10:13AM APT28, a Russia-linked cyberespionage group, utilized Windows Print Spooler vulnerabilities to deploy GooseEgg, a custom post-exploitation tool targeting organizations in the US, Ukraine, and Western Europe. The tool can grant attackers elevated privileges, enabling activities such as remote code execution and backdoor deployment. Microsoft advises applying security updates and disabling … Read more

Russia’s Fancy Bear Pummels Windows Print Spooler Bug

April 23, 2024 by Xynik

April 23, 2024 at 09:27AM A Russian APT group, Fancy Bear, has been using a tool called GooseEgg to exploit a vulnerability in the Windows Print Spooler service, enabling privileges elevation and credential theft in intelligence-gathering attacks globally. The group’s history includes targeting Microsoft product vulnerabilities for cyber-espionage, with significant recent activity in attacks against … Read more

Microsoft unveils new, more secure Windows Protected Print Mode

December 16, 2023 by Xynik

December 16, 2023 at 11:53AM Microsoft announced the new Windows Protected Print Mode (WPP), bolstering print system security by blocking third-party drivers, reducing resource access, removing attack vectors, and adding binary mitigations. WPP will also introduce transport security and secure print configurations. Additionally, Microsoft will cease third-party printer driver distribution via Windows Update by 2027. … Read more