From 527a3cb8cd54d208e60f0c152f8fa2eaaf016591 Mon Sep 17 00:00:00 2001
From: INIT_6
Date: Fri, 2 Jul 2021 07:27:00 -0500
Subject: [PATCH] Added new possible ErrorCode
---
 .../builtin/win_exploit_cve_2021_1675_printspooler.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/rules/windows/builtin/win_exploit_cve_2021_1675_printspooler.yml b/rules/windows/builtin/win_exploit_cve_2021_1675_printspooler.yml
index cb606839c..dd9c2ac35 100644
--- a/rules/windows/builtin/win_exploit_cve_2021_1675_printspooler.yml
+++ b/rules/windows/builtin/win_exploit_cve_2021_1675_printspooler.yml
@@ -17,11 +17,13 @@ logsource:
 service: printservice-admin
 detection:
 selection:
- EventID:
+ EventID:
 - 808 # old id
 - 4909 # new id
- ErrorCode: '0x45A'
- keywords:
+ ErrorCode:
+ - '0x45A'
+ - '0x7e'
+ keywords:
 - 'The print spooler failed to load a plug-in module'
 # default file names used in PoC codes
 - 'MyExploit.dll'
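Review bot: The two `ErrorCode` entries under `selection` have no explanation, unlike the `EventID` entries just above them, and they mix hex casing (`'0x45A'` vs `'0x7e'`). I would annotate each, e.g. `- '0x45A'  # ERROR_DLL_INIT_FAILED (1114)` and `- '0x7e'  # ERROR_MOD_NOT_FOUND (126)`, so a maintainer can see why each code is matched. Because 0x7e is a generic "module not found" failure, it can presumably also occur when a legitimately installed driver's plug-in file is simply missing, so the broader selection may raise the benign hit rate. The `condition`, `falsepositives` and `level` fields lie outside this hunk and are worth re-checking against that, along with whether the target backend compares the hex string case-sensitively.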