Print Nightmare Vulnerability Fix How to Fix Print Nightmare Vulnerability in your PC

Print Nightmare Vulnerability Fix

When print capabilities are accessible to the Internet, attackers may take advantage of them remotely. Attackers may also exploit it to elevate system privileges after gaining a foothold within a susceptible network through another vulnerability. In either scenario, the attackers may take control of the domain controller, which is one of the most security-sensitive assets on any Windows network since it is the server that authenticates local users.

According to experts, a major security vulnerability in all supported versions of Windows that enables attackers to take control of infected computers and execute malware of their choosing is not completely fixed by an emergency patch released by Microsoft on Tuesday.

The threat, dubbed PrintNightmare, is caused by flaws in the Windows print spooler, which allows users to print inside their local networks. The proof-of-concept exploit code was made public before being taken back, but not before it was duplicated by others. CVE-2021-34527 is the name given to the vulnerability by researchers.

Print Nightmare Vulnerability Fix from Microsoft

Determine if the Print Spooler service is running

Run the following in Windows PowerShell:

Get-Service -Name Spooler

If the Print Spooler is running or if the service is not set to disabled, select one of the following options to either disable the Print Spooler service, or to Disable inbound remote printing through Group Policy:

Option 1 - Disable the Print Spooler service

If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled

Impact of workaround Disabling the Print Spooler service disables the ability to print both locally and remotely.

Option 2 - Disable inbound remote printing through Group Policy

You can also configure the settings via Group Policy as follows:

Computer Configuration / Administrative Templates / Printers

Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.

You must restart the Print Spooler service for the group policy to take effect.

Enjoyed this article? Stay informed by joining our newsletter!

Comments
About me

Jennifer Jade writes on critical matters. Write up is aimed at common sense discourse rather than generating hatred.