Microsoft has introduced PrintNightmare exploitation detection capability to Microsoft Defender for Identity in order to assist Security Operations teams in detecting attackers’ efforts to exploit this severe vulnerability.
According to Microsoft, Defender for Identity now detects Windows Print Spooler service exploitation (including the currently exploited CVE-2021-34527 PrintNightmare flaw) and aids in the prevention of lateral movement across an organization’s network.