CCE-47767-9Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2022-09-02 (M)2023-07-04 |
This policy controls whether the print spooler will accept client connections.When the policy is unconfigured or enabled, the spooler will always accept client connections.When the policy is disabled, the spooler will not accept client connections nor allow users to share printers. All printers currently shared will continue to be shared.The spooler must be restarted for changes to this policy to take effect.Fix:(1) GPO: Computer ConfigurationAdministrative TemplatesPrintersAllow Print Spooler to accept client connections(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindows NTPrinters!RegisterSpoolerRemoteRpcEndPoint
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Printers\Allow Print Spooler to accept client connections
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers!RegisterSpoolerRemoteRpcEndPoint
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.1 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:83701 |