r1skkam/PrintNightmare

TryHackMe | PrintNightmare

PrintNightmare

Learn about the vulnerability known as PrintNightmare (CVE-2021-1675) and (CVE-2021-34527)


Task 6 Detection: Windows Event Logs


Event Viewer > Applications and Services Logs > Microsoft > Windows > PrintService > Admin


%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-PrintService%4Admin.evtx

Log Name:      Microsoft-Windows-PrintService/Admin
Source:        Microsoft-Windows-PrintService
Date:          8/13/2021 10:33:40 AM
Event ID:      808
Task Category: Initializing
Level:         Error
Keywords:      Print Spooler
User:          SYSTEM
Computer:      Finance-01.THMdepartment.local
Description:
The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\svch0st.dll, error code 0x45A. See the event user data for context information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-PrintService" Guid="{747ef6fd-e535-4d16-b510-42c90f6873a1}" />
    <EventID>808</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>36</Task>
    <Opcode>12</Opcode>
    <Keywords>0x8000000000020000</Keywords>
    <TimeCreated SystemTime="2021-08-13T17:33:40.312868200Z" />
    <EventRecordID>3</EventRecordID>
    <Correlation />
    <Execution ProcessID="2244" ThreadID="6744" />
    <Channel>Microsoft-Windows-PrintService/Admin</Channel>
    <Computer>Finance-01.THMdepartment.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <LoadPluginFailed xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
      <PluginDllName>C:\Windows\system32\spool\DRIVERS\x64\3\svch0st.dll</PluginDllName>
      <ErrorCode>0x45a</ErrorCode>
      <Context>112</Context>
    </LoadPluginFailed>
  </UserData>
</Event>
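
The following Python is an added example, not part of the original repository or the TryHackMe room: it parses an exported Event ID 808 record like the one above and returns the fields worth triaging, including whether the plug-in DLL that failed to load sits under the spooler driver directory. The function name `triage_808`, the `DRIVER_DIR` constant and the trimmed sample event are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

EVT = "{http://schemas.microsoft.com/win/2004/08/events/event}"
SPL = "{http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events}"
# Assumption: default spooler driver directory, matching the path in the event above.
DRIVER_DIR = PureWindowsPath(r"C:\Windows\System32\spool\drivers")

# Constructed sample: a trimmed copy of the 808 event shown above.
SAMPLE_808 = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>808</EventID>
    <TimeCreated SystemTime="2021-08-13T17:33:40.312868200Z" />
    <Channel>Microsoft-Windows-PrintService/Admin</Channel>
    <Computer>Finance-01.THMdepartment.local</Computer>
  </System>
  <UserData>
    <LoadPluginFailed xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
      <PluginDllName>C:\Windows\system32\spool\DRIVERS\x64\3\svch0st.dll</PluginDllName>
      <ErrorCode>0x45a</ErrorCode>
    </LoadPluginFailed>
  </UserData>
</Event>"""


def triage_808(event_xml):
    """Return triage fields for a PrintService/Admin 808 event, else None."""
    root = ET.fromstring(event_xml)
    system = root.find(EVT + "System")
    if system is None or system.findtext(EVT + "EventID") != "808":
        return None
    if system.findtext(EVT + "Channel") != "Microsoft-Windows-PrintService/Admin":
        return None
    # The plug-in details live in UserData under the spooler's own namespace.
    failed = root.find(f"{EVT}UserData/{SPL}LoadPluginFailed")
    if failed is None:
        return None
    created = system.find(EVT + "TimeCreated")
    dll = PureWindowsPath(failed.findtext(SPL + "PluginDllName", default=""))
    return {
        "computer": system.findtext(EVT + "Computer"),
        "time_utc": created.get("SystemTime") if created is not None else None,
        "dll": str(dll),
        "error_code": failed.findtext(SPL + "ErrorCode"),
        # PureWindowsPath compares case-insensitively (system32 vs System32).
        "dll_in_driver_dir": DRIVER_DIR in dll.parents,
    }


if __name__ == "__main__":
    print(triage_808(SAMPLE_808))
```
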
