Login

Register

Login

Register

How to mitigate Print Spooler vulnerability on Windows 10 | #microsoft | #hacking | #cybersecurity | #cybersecurity | #infosecurity | #hacker


Yesterday, Microsoft released multiple Windows updates to fix the widely reported “PrintNightmare” vulnerability in the Windows Print Spooler service.

According to Microsoft, this vulnerability is impacting all Windows 10 versions, including the most recent May 2021 Update (version 21H1) and version 20H2 (October 2020 Update).

To deploy Microsoft’s patch, you need to check for updates under Updates & Security > Windows Update and apply the latest July update, and reboot the system when prompted.

Alternatively, you can install the emergency update manually from the Microsoft Update catalog if you are unable to do so via the normal Windows Update procedure.

However, researchers have revealed that Microsoft’s patch is incomplete and attackers can still abuse the vulnerability to gain access to the system. Thankfully, you can temporarily disable the Windows Print Spooler service to mitigate the vulnerability until a proper fix is released.

In this guide, we will highlight the steps to disable the Windows Print Spooler service and mitigate the PrintNightmare CVE-2021-34527 vulnerability.

Disable Print Spooler service on Windows 10 using PowerShell

To mitigate the PrintNightmare vulnerability using PowerShell, follow these steps:

  1. Right-click on the Start Menu or press Windows+X.
  2. Click “Windows PowerShell (Admin).”
    Open PowerShell
  3. Enter the following command to stop the Spooler service:
    Stop-Service -Name Spooler -Force
    Disable Print Spooler
  4. Enter the following command to block Print service from starting again in future.
    Set-Service -Name Spooler -StartupType Disabled
    Block Print Spooler service
  5. Close PowerShell window.

If you want to re-enable the Print Spooler service, follow these steps

  1. Right-click on the Start Menu or press Windows+X.
    Open PowerShell
  2. Click “Windows PowerShell (Admin).”
  3. Enter the following command to enable the Spooler service:
    Set-Service -Name Spooler -StartupType Automatic
    Enable Print Spooler
  4. Enter the following command to restart Print service:
    Start-Service -Name Spooler
    Start Print Spooler
  5. Close PowerShell window.

Disable Print Spooler service on Windows 10 using Group Policy editor

To mitigate the PrintNightmare vulnerability using Group Policy editor on Windows 10 Pro and Enterprise, follow these steps:

  1. Open Start Menu or Windows Search and enter gpedit.msc to open the Local Group Policy Editor.
  2. In Group Policy editor, navigate to the following path: Computer Configuration > Administrative Templates > Printers
  3. Double-tap the Allow Print Spooler to accept client connections policy.
  4. Select the Disabled option.
  5. Tap on the Apply button and select OK.

When the policy is disabled, Microsoft says the spooler will automatically reject the client connections and prevent users from sharing printers. However, all printers currently shared will continue to be shared.

The spooler must be restarted for changes to this policy to take effect. To restart the spooler service, follow these steps:

  1. Open Start menu.
  2. Type “Services
  3. Double-click “Printer Spooler” in the Services list.
    Restart Print Spooler service
  4. Click Restart.
  5. Click OK.

If you want to re-enable Print Spooler using Group Policy editor, follow these steps:

  1. Open Start Menu and enter gpedit.msc to open the Local Group Policy Editor.
  2. In Group Policy editor, navigate to the following path: Computer Configuration > Administrative Templates > Printers
  3. Double-tap the Allow Print Spooler to accept client connections policy.
  4. Select the Not configured or Enabled option.
  5. Tap on the Apply button and select OK.



Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


Ads

NATIONAL CYBER SECURITY RADIO

Ads

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW