
Microsoft’s PrintNightmare Patch Not Effective Against Vulnerability

A simple way to determine if PrintSpooler is running is to use PowerShell.

Late yesterday, Microsoft released an out-of-band patch, installable via Windows Update, that was expected to close the vulnerability known as PrintNightmare. The patch was already known not to fully address all versions of Windows and Windows Server, and now it looks like researchers have found that it is ineffective against the vulnerability.

As of the time of this post, it is recommended that you disable the PrintSpooler service immediately to stop attacks on your environments using the zero-day exploit. Considering how widely this exploit has been covered on sites like Petri, and that several attempts to patch it have failed, malicious actors are likely increasing their scans for easy targets using the vulnerability.

If you are unsure whether the service is running, take the following steps to check it, then see below for how to disable the service or restrict it with Group Policy:

  1. Hit the Windows key and type PowerShell.
  2. Enter the following command: Get-Service -Name Spooler
  3. If you see the word “Running”, the service is running.

If the Print Spooler is running, or if the service is not set to Disabled, select one of the following options: either disable the Print Spooler service, or disable inbound remote printing through Group Policy.

Option 1 – Disable the Print Spooler service

If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:

  1. Stop-Service -Name Spooler -Force
  2. Set-Service -Name Spooler -StartupType Disabled

Impact of workaround: Disabling the Print Spooler service disables the ability to print both locally and remotely.

Option 2 – Disable inbound remote printing through Group Policy

  1. In Group Policy, go to Computer Configuration / Administrative Templates / Printers.
  2. Disable the “Allow Print Spooler to accept client connections” policy to block remote attacks.
  3. You must restart the Print Spooler service for the group policy to take effect.
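
To check which machines still need one of the two options above, the following PowerShell function reports the Spooler service state and the Group Policy setting for a list of computers. It is an added example, not part of the original article; it assumes PowerShell remoting (WinRM) is enabled, that you have administrative rights on the targets, and the computer names in the usage comment are placeholders.

```powershell
# Added example: audit Print Spooler exposure on a list of machines.
# Assumes WinRM remoting and admin rights; computer names are placeholders.
function Get-SpoolerExposure {
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    $check = {
        $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue

        # Registry value written by the "Allow Print Spooler to accept client
        # connections" policy: 1 = enabled, 2 = disabled, absent = not configured.
        $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
        $val = (Get-ItemProperty -Path $key -Name RegisterSpoolerRemoteRpcEndPoint `
                    -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint

        # Option 1: service stopped AND startup type Disabled (or not present).
        $serviceOff = (-not $svc) -or
                      ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
        # Option 2: policy set to Disabled. This only shows the setting is
        # configured; the spooler must be restarted for it to take effect.
        $remoteBlocked = ($val -eq 2)

        [pscustomobject]@{
            Status                = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
            StartType             = if ($svc) { "$($svc.StartType)" } else { 'n/a' }
            ServiceDisabled       = $serviceOff
            RemotePrintingBlocked = $remoteBlocked
            NeedsAction           = -not ($serviceOff -or $remoteBlocked)
        }
    }

    foreach ($computer in $ComputerName) {
        try {
            Invoke-Command -ComputerName $computer -ScriptBlock $check -ErrorAction Stop |
                Select-Object @{ n = 'Computer'; e = { $computer } }, Status, StartType,
                              ServiceDisabled, RemotePrintingBlocked, NeedsAction
        } catch {
            # Unreachable hosts are reported, not silently skipped.
            [pscustomobject]@{ Computer = $computer; Status = 'Unreachable'; StartType = 'n/a'
                               ServiceDisabled = $false; RemotePrintingBlocked = $false
                               NeedsAction = $true }
        }
    }
}

# Usage (hypothetical host names):
# Get-SpoolerExposure -ComputerName 'SRV01','SRV02' | Where-Object NeedsAction | Format-Table
```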

While disabling the service is easy on paper, the reality is that it can be a serious headache when you are working with thousands of servers and are responsible for managing multiple customers. Add the fact that a patch was released, which means admins have been up late patching only to learn that it’s not effective, and you have a recipe for serious frustration.

That does not include the fact that when the initial patch was released yesterday, not every version of Windows 10 or Windows Server was included.

But it’s not as though Microsoft is sitting idle and intentionally making this process more painful than it should be. Releasing patches comes with its own risk of corrupting other functional parts of an operating system if they are not properly reviewed and tested before release. That being said, PrintNightmare continues, and for now the only option is to disable the PrintSpooler service.

Brad Sams has more than a decade of writing and publishing experience under his belt, including helping to establish new and seasoned publications. From breaking news about upcoming Microsoft products to telling the story of how a billion-dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.