This was previously classed as a local-only attack, but someone has weaponised it and it's now possible to execute code remotely using this service on an AD server.
CVE-2021-1675 is exploitable without any high privileges and results in remote SYSTEM from a regular Domain User's account.
There is an article about it on El Reg: https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/
Matthew Hickey (@hackerfantastic) tweeted pictures of a PoC with the following:
Fully patched Windows 2019 domain controller, popped with 0day exploit (CVE-2021-1675) from a regular Domain User's account giving full SYSTEM privileges. Disable "Print Spooler" service on servers that do not require it.
Here's a good doc about Windows Server services you should disable for performance or security purposes https://docs.microsoft.com/en-us/windows-server/security/windows-services/security-guidelines-for-di...
If you're interested in furthering your knowledge and skillset, Matthew Hickey has written a book called 'Hands on Hacking'. I would definitely recommend it!
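
For the advice above to disable "Print Spooler" on servers that do not require it, here is one way to audit and apply it across several machines. This is an added example, not from the original post or the linked articles; the function name and the server names (DC01, DC02, FILE01, PRINT01) are hypothetical placeholders, and it assumes CIM/WinRM access to the targets.

```powershell
# Added example: report Print Spooler state per server and disable it where not excluded.
function Disable-SpoolerWhereUnneeded {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        # Servers that genuinely provide printing and must keep the service.
        [string[]]$Exclude = @()
    )
    $filter = "Name='Spooler'"
    foreach ($computer in $ComputerName) {
        if ($Exclude -contains $computer) {
            Write-Verbose "$computer excluded (needs printing)"
            continue
        }
        try {
            $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter `
                       -ComputerName $computer -ErrorAction Stop
        } catch {
            # Unreachable hosts are reported, not silently skipped.
            [pscustomobject]@{ Computer = $computer; State = 'Unreachable'
                               StartMode = $null; Changed = $false }
            continue
        }
        if (-not $svc) {
            [pscustomobject]@{ Computer = $computer; State = 'NotInstalled'
                               StartMode = $null; Changed = $false }
            continue
        }
        $changed = $false
        $needsChange = $svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Disabled'
        if ($needsChange -and
            $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
            # Stop the running service, then prevent it starting at next boot.
            Invoke-CimMethod -InputObject $svc -MethodName StopService | Out-Null
            Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode `
                -Arguments @{ StartMode = 'Disabled' } | Out-Null
            # Re-read so the report shows the state after the change.
            $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter `
                       -ComputerName $computer
            $changed = $true
        }
        [pscustomobject]@{ Computer = $computer; State = $svc.State
                           StartMode = $svc.StartMode; Changed = $changed }
    }
}

# Dry run first: -WhatIf reports what would change without touching any service.
Disable-SpoolerWhereUnneeded -ComputerName 'DC01','DC02','FILE01' -Exclude 'PRINT01' -WhatIf
```

Drop `-WhatIf` once the dry-run output looks right; any server left out of `-Exclude` loses local and shared printing until the service is re-enabled.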