From the Field - Real-World Findings from Security Assessments
71.4% of infrastructures I've assessed do not disable unnecessary services
And yes - we're back in the 70% range, I skipped them by mistake.
This is a quick win in Windows infrastructure security. Microsoft even provides a guide showing which services are safe to disable and which ones are critical - follow it, verify what you actually use, and push the configuration through a GPO for all Windows Servers.
You can use the following GPOs:
- Computer Configuration\Policies\Windows Settings\Security Settings\System Services
- Computer Configuration\Preferences\Control Panel Settings\Services
But for this use case, the first option is just fine.
Special note:
The Print Spooler is a known risk - especially on Domain Controllers. It's true that DCs use the spooler for print pruning (cleaning stale print queues in AD), but this is a trade-off not worth the exposure.
If you disable the spooler, just schedule regular pruning instead - and enjoy a much smaller attack surface.
That's all it takes to improve your security today.
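
One way to verify that the System Services GPO actually disabled the Print Spooler on every Domain Controller, and to find the stale print queues the spooler would otherwise have pruned, as an added PowerShell example that is not part of the original post. It assumes the ActiveDirectory RSAT module and CIM access to the DCs, and treats a print server with TCP 445 closed as stale; the function names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: audit the Spooler on all DCs, then report pruning candidates.

function Get-DcSpoolerState {
    # One row per Domain Controller with the Spooler start mode and state.
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $dc.HostName `
                       -Filter "Name='Spooler'" -ErrorAction Stop
            [pscustomobject]@{
                DomainController = $dc.HostName
                StartMode        = $svc.StartMode   # Auto, Manual or Disabled
                State            = $svc.State       # Running or Stopped
                Compliant        = ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped')
            }
        } catch {
            # Unreachable DCs are reported as non-compliant, not silently skipped.
            [pscustomobject]@{ DomainController = $dc.HostName; StartMode = 'Unknown'
                               State = 'Unknown'; Compliant = $false }
        }
    }
}

function Get-StalePrintQueue {
    # printQueue objects are the published printers that pruning cleans up.
    $queues = Get-ADObject -LDAPFilter '(objectClass=printQueue)' `
                  -Properties serverName, printerName
    $alive = @{}   # cache: test each print server once, not once per queue
    foreach ($q in $queues) {
        $server = $q.serverName
        if (-not $server) { continue }
        if (-not $alive.ContainsKey($server)) {
            # Assumption: a server with TCP 445 closed no longer shares printers.
            $alive[$server] = Test-NetConnection -ComputerName $server -Port 445 `
                                  -InformationLevel Quiet -WarningAction SilentlyContinue
        }
        if (-not $alive[$server]) {
            [pscustomobject]@{ Server = $server; Printer = $q.printerName
                               DistinguishedName = $q.DistinguishedName }
        }
    }
}

# DCs where the GPO has not taken effect yet.
Get-DcSpoolerState | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
# Report only: review this list before removing anything with Remove-ADObject.
Get-StalePrintQueue | Format-Table -AutoSize
```

Run it from a scheduled task on a management host, and keep the stale-queue step report-only until the output has been reviewed a few times.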
