Update README.md

README.md

@@ -8,6 +8,16 @@ Execute malicious DLL's remote or locally
 
 ![](Images/poc2.png)
 
+### Patch update
+Microsoft has released a patch to mitigate against these attacks but if these values below are present on a machine, then the machine will still be vulnerable
+```
+REG QUERY "HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint"
+
+HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
+    RestrictDriverInstallationToAdministrators    REG_DWORD    0x0
+    NoWarningNoElevationOnInstall    REG_DWORD    0x1
+```
+
 ### Installation
 
 Before running the exploit you need to install my version of Impacket and after that you're gucci
@@ -89,8 +99,9 @@ REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v RestrictAnonymous /t REG_
 We can use `rpcdump.py` from impacket to scan for potential vulnerable hosts, if it returns a value, it could be vulnerable 
 
 ```bash
-rpcdump.py @192.168.1.10 | grep MS-RPRN
+rpcdump.py @192.168.1.10 | egrep 'MS-RPRN|MS-PAR'
 
+Protocol: [MS-PAR]: Print System Asynchronous Remote Protocol 
 Protocol: [MS-RPRN]: Print System Remote Protocol
 ```
 
@@ -103,9 +114,5 @@ Stop-Service Spooler
 REG ADD  "HKLM\SYSTEM\CurrentControlSet\Services\Spooler"  /v "Start" /t REG_DWORD /d "4" /f
 ```
 
-Or Uninstall Print-Services
 
-```powershell
-Uninstall-WindowsFeature Print-Services
-```