How to Stay Safe Against PrintNightmare Security Threat?

How to Stay Safe Against PrintNightmare Security Threat?

Windows Print Spooler is back!

Earlier this week a critical unpatched security flaw in the Windows Print Spooler service was discovered. Using it hackers can remotely execute code, edit data, potentially install applications, and create new accounts with system-level privileges. Certainly, it is upsetting as the attacker can get into your Windows.

But worry not, if there’s a way to fix the Print Spooler vulnerability that leads to PrintNightmare. In this post, we will discuss all of it in detail.

But before that, let us know what Print Spooler Service is.

What is Print Spooler Service?

In simple words, Print Spooler is a software interface or service that controls the order in which documents will be printed. The service runs in the background and has a negligible impact on user productivity.

However, attackers have been found exploiting the Print Spooler service by authenticated remote code execution with admin privileges. This makes fixing the issue even more important.

Latest Update – Print Nightmare Security Flaw

To address the remote code execution (RCE) vulnerability- known as PrintNightmare (CVE-2021-34527) Microsoft has released out-of-band security updates and the update is labeled as KB5004945. This means before Patch Tuesday Microsoft is releasing an update to address Windows 10 PrintNightmare vulnerability disclosed last week. But some versions are not included in the update.

Which all versions are not included in the update?

  • Windows 10 version 1607
  • Windows Server 2016
  • Windows Server 2012

Updates for these versions are forthcoming. With that said, if you are running any of the above versions and want to stay protected, follow these fixes.

Also Read: What is FileRepMalware? How Can You Get Rid of It?

How to Fix PrintNightmare Print Spooler Vulnerability

Disable Print Spooler Service

Note: Disabling the Print Spooler service means you will not be able to perform printing tasks both remotely and locally.

  1. Press Windows + X
  2. From the context menu, select Windows PowerShell (Admin)
    Windows PowerShell
  3. If you have UAC activated, you will be asked to allow the app to make changes to your device.Click Yes.
  4. Now that you have the PowerShell window open in front of you, type Stop-Service -Name Spooler -Force > press Enter key.

PowerShell

  1. Afterward, type Set-Service -Name Spooler -StartupType Disabled > ok

Running this command will stop the Spooler from starting at boot time.

Now that you have disabled the service from running at startup, you have protected your system from being a victim to PrintNightmare that is exploited via Print Spooler service.

How to enable Print Spooler service?

Say you disabled the service, as the patch to fix PrintNightmare wasn’t available, but it is now there, and you want to use the Print Spooler service. Here’s how to enable it.

  1. Press Windows + X select Windows PowerShell (Admin).
    Windows PowerShell
  2. When asked to allow the app click Yes.
  3. Next, in the PowerShell window, type Set-Service -Name Spooler -StartupType Automatic > hit Enter key.
  4. Once the above command is executed, enter Start-Service -Name Spooler > press Enter key.

This will enable the Print Spooler service on your Windows, and you can now print any document both locally or remotely.

Disable Print Spooler Using Group Policy Editor

If you are using Windows 10 Pro or Enterprise, you will need to follow these steps to disable Print Spooler.

Note: Below steps won’t work for Windows 10 Home version.

  1. Press Windows + R to launch the Run window.
  2. Type gpedit.msc in box > Ok.
    gpedit
  3. This will open the Local Policy Editor > here at the top of the Policy Editor window in the search bar enter the following path:
    Computer Configuration > Administrative Templates > Printers.
  4. Scroll down > double-click on Allow Print Spooler to accept client connections.
    Configuration
  5. Here, select Disabled.
    Disable print
  6. Click Apply > OK to save changes.

Enable Print Spooler Using Group Policy Editor

If the patch for PrintNightmare is available, and you would like to enable Print Spooler on Windows Enterprise or Pro follow these steps:

  1. Press Windows + R to open the Run window.
  2. Type gpedit.msc > OK
  3. Go to the following path Computer Configuration > Administrative Templates > Printers.
    policy editor
  4. Navigate to Allow Print Spooler to accept client connections, double-click, and select Not Configured.
    Client connections
  5. Click Apply > Ok to save changes.

This will help enable Print Spooler on your Windows machine.

Stay Protected from zero-day vulnerability.

The best way to stay protected against zero-day vulnerability, malware, virus, and other similar threats is to use the best antivirus tool. For this we suggest using Systweak Antivirus, a tool that comes with real-time protection, malware protection, exploit protection, and web protection.

Download Systweak Antivirus

Using it, you can add a layer of protection to your system and can stay protected from threats like PrinNightmare

In addition to this, whenever a patch for any security vulnerability is available, always install and run it. This helps stay protected and fix all the known and unknown security issues.

Moreover, if you don’t use your system for printing you can keep Print Spooler disabled and can enable it when required. We hope you found the information shared in the post helpful and will use the steps to stay secure. Do share your feedback about the guide and if you want us to write on anything specific share the same in the comments section.

Related Topics

Quick Reaction:

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe & be the first to know!

Signup for your newsletter and never miss out on any tech update.