Wallace_n_Gromit
Senior Member
July 8, 2021 UPDATE:
Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability
Game-over code-execution attacks are still possible even after fix is installed.
arstechnica.com
Note: The article does make this point: "...Despite Tuesday’s out-of-band patch being incomplete, it still provides meaningful protection against many types of attacks that exploit the print spooler vulnerability. So far, there are no known cases of researchers saying it puts systems at risk. Unless that changes, Windows users should install both the patch from June and Tuesday and await further instructions from Microsoft..."
July 6, 2021 UPDATE:
Windows 10 KB5004945 emergency update released to fix PrintNightmare
Windows 10 KB5004945 emergency update is rolling out to address a new Windows zero-day vulnerability called “PrintNightmare”. According to reports, PrintNightmare vulnerability is being actively exploited by attackers to achieve local privilege and remote code execution on affected machines...
www.windowslatest.com
July 2, 2021 Original Post:
Naked Security – Sophos News
nakedsecurity.sophos.com
PrintNightmare, Critical Windows Print Spooler Vulnerability | CISA
us-cert.cisa.gov
I typically disable some running services that I rarely use as a matter of habit at boot up--so I always see the displayed services on my taskbar (such as [Safely Remove Hardware and Eject Media], [Windows Security - No actions needed], [Epson Event Manager], [NordVPNapp], etc., etc.) << I don't remove those.
So, several days ago (I don't recall if I left the computer on overnight or booted up) I see a new service icon that refers to Fax (I didn't write it down, or take a pic but had never seen it before). I believe I disabled it and haven't seen it since.
TODAY, with word of this "PrintNightmare" vulnerability, I am a bit concerned.
I disabled Fax and Print Spooler service(s) which were both enabled per the article's recommendation a few minutes ago.
As of this moment, I am running Malwarebytes and a Windows Defender quick scan. I will soon do a Windows Defender full scan, then a Windows Defender Offline scan.
Can anyone offer a comment/recommendation/idea/thought?
ADD: Malwarebytes shows no threat. Windows Defender quick scan shows one threat (though can't figure out how to see it). Windows Defender Offline scan is done - no message(s). Running Windows Defender full scan now.
I do recall that the other day Windows Defender full scan did ID a (potential) threat called "EProjManager.exe". Looking for info on this online found that a file with that name is ID'ed as an Epson Printer file. I allowed Defender to get rid of it. I just used [File Manager] to do a search for a file with that name for possible submission to VirusTotal. Can't find it.
ADD #2: I'm uninstalling all my Epson programs/files/drivers. If they offered it, I installed it, including that program that allows web side printing. What a crazy thing to do, eh? (In my defense, I did that long before I joined this user group and had long forgotten I had done that.)
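The service state described in the post (Print Spooler and Fax disabled) and the presence of the KB5004945 update can be checked from an elevated PowerShell prompt. This is an added example, not part of the original post; the `-Apply` switch and the `CanStart` column are names chosen here for illustration.

```powershell
# Added example: audit the Print Spooler and Fax services and the KB named in the post.
# Read-only unless -Apply is given; -Apply stops and disables Print Spooler,
# which also disables local and network printing on this machine.
param([switch]$Apply)

$kbId = 'KB5004945'   # update id quoted in the post; other Windows builds received other KB ids

$report = foreach ($name in 'Spooler', 'Fax') {
    # Win32_Service exposes both the current state and the configured start mode
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        [pscustomobject]@{ Service = $name; State = 'NotInstalled'; StartMode = 'n/a'; CanStart = $false }
        continue
    }
    [pscustomobject]@{
        Service   = $name
        State     = $svc.State       # Running / Stopped
        StartMode = $svc.StartMode   # Auto / Manual / Disabled
        # A stopped service set to Manual can still be started on demand,
        # so only Stopped + Disabled matches the state described in the post.
        CanStart  = ($svc.State -eq 'Running' -or $svc.StartMode -ne 'Disabled')
    }
}
$report | Format-Table -AutoSize

# Get-HotFix lists updates recorded on this machine. A later cumulative update
# can supersede this KB, so a miss here means "check the build", not "unpatched".
$hotfix = Get-HotFix -Id $kbId -ErrorAction SilentlyContinue
if ($hotfix) {
    "{0} installed on {1}" -f $hotfix.HotFixID, $hotfix.InstalledOn
} else {
    "$kbId not listed by Get-HotFix"
}

if ($Apply) {
    $spooler = $report | Where-Object { $_.Service -eq 'Spooler' -and $_.CanStart }
    if ($spooler) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
        'Print Spooler stopped and disabled'
    } else {
        'Print Spooler already stopped and disabled (or not installed)'
    }
}
```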