From 6b7206ca2aaa5e413ada8a5ad0dc4262e41bf7f2 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Wed, 1 Dec 2021 14:14:53 +0100
Subject: [PATCH] fix: print driver FP
---
 rules/windows/file_event/win_cve_2021_1675_printspooler.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/rules/windows/file_event/win_cve_2021_1675_printspooler.yml b/rules/windows/file_event/win_cve_2021_1675_printspooler.yml
index 47b70d211..462ef78b8 100644
--- a/rules/windows/file_event/win_cve_2021_1675_printspooler.yml
+++ b/rules/windows/file_event/win_cve_2021_1675_printspooler.yml
@@ -9,7 +9,7 @@ references:
 - https://github.com/afwu/PrintNightmare
 - https://github.com/cube0x0/CVE-2021-1675
 date: 2021/06/29
-modified: 2021/07/01
+modified: 2021/12/01
 tags:
 - attack.execution
 - attack.privilege_escalation
@@ -22,8 +22,7 @@ logsource:
 detection:
 selection:
 TargetFilename|contains:
- 'C:\Windows\System32\spool\drivers\x64\3\old\1\123'
- 'C:\Windows\System32\spool\drivers\x64\3\New\'
+ - 'C:\Windows\System32\spool\drivers\x64\3\old\1\123'
 condition: selection
 fields:
 - ComputerName
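Review bot: After the second hunk the selection under `TargetFilename|contains` matches only `C:\Windows\System32\spool\drivers\x64\3\old\1\123`, which appears to be an artifact of the referenced proof-of-concept code rather than of the vulnerability itself, so removing the `C:\Windows\System32\spool\drivers\x64\3\New\` entry trades the false positives for a noticeably narrower rule. If the noise came from ordinary print-driver installs, as the subject line suggests, record that next to the remaining entry, for example `# '...\x64\3\New\' removed 2021/12/01: also written during legitimate driver installs; remaining path is PoC-specific`, so that consumers know the rule no longer covers generic driver staging. The rule's description, level and falsepositives sections lie outside the hunk and may need the same caveat, and the fields list continues past the hunk's last line.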