MS.Windows.Print.Spooler.Service.GetPrinterData.DoS
Description
This indicates an attempt to exploit a denial of service vulnerability in the Microsoft Windows Print Spooler service.
The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size). A remote attacker can exploit this issue to crash the affected service, denying service to legitimate users.
Affected Products
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4
Impact
Denial of service.
Recommended Actions
Disable the Print Spooler service by using the following command : sc stop Spooler & sc config Spooler start=disabled
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |