Table of Contents
Windows Print Spooler is back!
Earlier this week a critical unpatched security flaw in the Windows Print Spooler service was discovered. Using it hackers can remotely execute code, edit data, potentially install applications, and create new accounts with system-level privileges. Certainly, it is upsetting as the attacker can get into your Windows.
But worry not, if there’s a way to fix the Print Spooler vulnerability that leads to PrintNightmare. In this post, we will discuss all of it in detail.
Microsoft has assigned CVE-2021-34527 to the remote code execution vulnerability that affects Windows Print Spooler. Get more info here: https://t.co/OarPvNCX7O
— Microsoft Security Intelligence (@MsftSecIntel) July 2, 2021
But before that, let us know what Print Spooler Service is.
What is Print Spooler Service?
In simple words, Print Spooler is a software interface or service that controls the order in which documents will be printed. The service runs in the background and has a negligible impact on user productivity.
However, attackers have been found exploiting the Print Spooler service by authenticated remote code execution with admin privileges. This makes fixing the issue even more important.
|Latest Update – Print Nightmare Security Flaw
To address the remote code execution (RCE) vulnerability- known as PrintNightmare (CVE-2021-34527) Microsoft has released out-of-band security updates and the update is labeled as KB5004945. This means before Patch Tuesday Microsoft is releasing an update to address Windows 10 PrintNightmare vulnerability disclosed last week. But some versions are not included in the update.
Which all versions are not included in the update?
- Windows 10 version 1607
- Windows Server 2016
- Windows Server 2012
Updates for these versions are forthcoming. With that said, if you are running any of the above versions and want to stay protected, follow these fixes.
How to Fix PrintNightmare Print Spooler Vulnerability
Disable Print Spooler Service
Note: Disabling the Print Spooler service means you will not be able to perform printing tasks both remotely and locally.
- Press Windows + X
- From the context menu, select Windows PowerShell (Admin)
- If you have UAC activated, you will be asked to allow the app to make changes to your device.Click Yes.
- Now that you have the PowerShell window open in front of you, type Stop-Service -Name Spooler -Force > press Enter key.
- Afterward, type Set-Service -Name Spooler -StartupType Disabled > ok
Running this command will stop the Spooler from starting at boot time.
Now that you have disabled the service from running at startup, you have protected your system from being a victim to PrintNightmare that is exploited via Print Spooler service.
How to enable Print Spooler service?
Say you disabled the service, as the patch to fix PrintNightmare wasn’t available, but it is now there, and you want to use the Print Spooler service. Here’s how to enable it.
- Press Windows + X select Windows PowerShell (Admin).
- When asked to allow the app click Yes.
- Next, in the PowerShell window, type Set-Service -Name Spooler -StartupType Automatic > hit Enter key.
- Once the above command is executed, enter Start-Service -Name Spooler > press Enter key.
This will enable the Print Spooler service on your Windows, and you can now print any document both locally or remotely.
Disable Print Spooler Using Group Policy Editor
If you are using Windows 10 Pro or Enterprise, you will need to follow these steps to disable Print Spooler.
Note: Below steps won’t work for Windows 10 Home version.
- Press Windows + R to launch the Run window.
- Type gpedit.msc in box > Ok.
- This will open the Local Policy Editor > here at the top of the Policy Editor window in the search bar enter the following path:
Computer Configuration > Administrative Templates > Printers.
- Scroll down > double-click on Allow Print Spooler to accept client connections.
- Here, select Disabled.
- Click Apply > OK to save changes.
Enable Print Spooler Using Group Policy Editor
If the patch for PrintNightmare is available, and you would like to enable Print Spooler on Windows Enterprise or Pro follow these steps:
- Press Windows + R to open the Run window.
- Type gpedit.msc > OK
- Go to the following path Computer Configuration > Administrative Templates > Printers.
- Navigate to Allow Print Spooler to accept client connections, double-click, and select Not Configured.
- Click Apply > Ok to save changes.
This will help enable Print Spooler on your Windows machine.
Stay Protected from zero-day vulnerability.
The best way to stay protected against zero-day vulnerability, malware, virus, and other similar threats is to use the best antivirus tool. For this we suggest using Systweak Antivirus, a tool that comes with real-time protection, malware protection, exploit protection, and web protection.
Download Systweak Antivirus
Using it, you can add a layer of protection to your system and can stay protected from threats like PrinNightmare
In addition to this, whenever a patch for any security vulnerability is available, always install and run it. This helps stay protected and fix all the known and unknown security issues.
Moreover, if you don’t use your system for printing you can keep Print Spooler disabled and can enable it when required. We hope you found the information shared in the post helpful and will use the steps to stay secure. Do share your feedback about the guide and if you want us to write on anything specific share the same in the comments section.