
Microsoft’s PrintNightmare Patch Not Effective Against Vulnerability

[Image: A simple way to determine if PrintSpooler is running is to use PowerShell]

Late yesterday, Microsoft released an out-of-band patch, installable via Windows Update, that was expected to close the vulnerability known as PrintNightmare. The patch was already known not to fully address all instances of Windows and Windows Server, and it now looks like researchers have found that the patch is ineffective against the vulnerability.

As of the time of this post, it is recommended that you disable the PrintSpooler service immediately to stop attacks on your environments using the zero-day exploit. Considering how widely this exploit has been covered on sites like Petri, and that several attempts to patch it have failed, malicious actors are likely increasing their scans for easy attack targets using the vulnerability.

If you are unsure whether the service is running, use the following steps to check, and then disable the service or block remote printing with Group Policy:

  1. Press the Windows key and type PowerShell.
  2. Enter the following command: Get-Service -Name Spooler
  3. If you see the word “Running”, the service is running.

If the Print Spooler is running, or if the service is not set to Disabled, select one of the following options: either disable the Print Spooler service, or disable inbound remote printing through Group Policy.

Option 1 – Disable the Print Spooler service

If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:

    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled

Impact of workaround: Disabling the Print Spooler service disables the ability to print both locally and remotely.

Option 2 – Disable inbound remote printing through Group Policy

  1. In Group Policy, go to Computer Configuration / Administrative Templates / Printers.
  2. Disable the “Allow Print Spooler to accept client connections” policy to block remote attacks.
  3. Restart the Print Spooler service. You must do this for the Group Policy setting to take effect.
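The check and both options above can be combined into one audit for many hosts. This is an added example, not code from the original article or from Microsoft; the `$Servers` list, the `$Remediate` switch and the `Mitigated` column are assumptions made for illustration, and remote hosts need PowerShell remoting (WinRM) enabled.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumption: $Servers is your own host list; it defaults to the local machine.
$Servers   = @($env:COMPUTERNAME)
$Remediate = $false   # set to $true to apply Option 1 on hosts that are not yet mitigated

$audit = {
    param([bool]$Remediate)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    # Registry value behind "Allow Print Spooler to accept client connections":
    # 1 = enabled, 2 = disabled, missing = policy not configured.
    # The value alone cannot show whether the spooler was restarted afterwards.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $pol = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint

    $off     = (-not $svc) -or ($svc.State -ne 'Running' -and $svc.StartMode -eq 'Disabled')
    $blocked = ($pol -eq 2)

    if ($Remediate -and -not $off -and -not $blocked) {
        # Option 1 from the article: stop the service and prevent it from starting again.
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
        $off = ($svc.State -ne 'Running' -and $svc.StartMode -eq 'Disabled')
    }

    $polText = if ($pol -eq 2) { 'Disabled' } elseif ($pol -eq 1) { 'Enabled' } else { 'NotConfigured' }
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        State        = if ($svc) { $svc.State } else { 'NotInstalled' }
        StartMode    = if ($svc) { $svc.StartMode } else { 'n/a' }
        RemotePolicy = $polText
        Mitigated    = ($off -or $blocked)
    }
}

$report = foreach ($s in $Servers) {
    if ($s -eq $env:COMPUTERNAME) { & $audit $Remediate }
    else { Invoke-Command -ComputerName $s -ScriptBlock $audit -ArgumentList $Remediate }
}
$report | Format-Table Computer, State, StartMode, RemotePolicy, Mitigated -AutoSize
```

Hosts that show `Mitigated` as False are the ones where neither option has been applied; leave `$Remediate` at `$false` for a read-only pass first, since Option 1 stops all printing on the host.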

While disabling the service is easy on paper, the reality is that when you are working with thousands of servers, or are responsible for managing multiple customers, this can be a serious headache. Add to that the fact that a patch was released, which means admins have been up late patching only to learn that it’s not effective, and you have a recipe for serious frustration.

That does not include the fact that when the initial patch was released yesterday, not every version of Windows 10 or Windows Server was included.

But it’s not as if Microsoft is sitting idle and intentionally making this process more painful than it should be. Releasing patches comes with its own risk of corrupting other functional parts of an operating system if they are not properly reviewed and tested before release. That being said, the PrintNightmare continues and, for now, the only option is to disable the PrintSpooler service.

Brad Sams has more than a decade of writing and publishing experience under his belt, including helping to establish new and seasoned publications. From breaking news about upcoming Microsoft products to telling the story of how a billion-dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.