Jump to content
  • Microsoft suggests once again to disable the Print Spooler to protect against new 0-day vulnerability


    Karlston

    • 927 views
    • 3 minutes
     Share


    • 927 views
    • 3 minutes

    Several Windows printing related vulnerabilities have been discovered, disclosed and resolved in recent time. Microsoft released an emergency update in July to address a vulnerability dubbed PrintNightmare.

     

    This week, Microsoft disclosed yet another printing related vulnerability in Windows. The CVE reveals little information at this point as Microsoft's investigation is still ongoing.

     

    According to the provided information, it is a remote code execution vulnerability that does affect the Windows Print Spooler.

    A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Microsoft does not list the affected versions and editions of the company's Windows operating system, as research is still ongoing. All versions of Windows were affected by PrintNightmare, and it is possible that the new 0-day vulnerability affects all versions as well.

     

    Microsoft notes that it is working on a security patch, which it will likely release as an out-of-band patch once produced.

     

    Workaround: disable the Print Spooler

     

    Microsoft's workaround for protecting systems against attacks targeting the new Print Spooler vulnerability is to disable the Print Spooler. The downside to disabling the Print Spooler is that printing becomes unavailable.

    One of the PrintNightmare vulnerability workarounds was to stop the Print Spooler as well.

     

    Disable Print Spooler via PowerShell

     

    print-spooler-stop-powershell.png

     

    1. Open Start.
    2. Type PowerShell.
    3. Select Run as administrator.
    4. Run Get-Service -Name Spooler to get the status of the print spooler-
    5. Run Stop-Service -Name Spooler -Force to stop the Print Spooler service.
    6. Run Set-Service -Name Spooler -StartupType Disabled to set the startup type of the service to disabled so that it is not activated on system start.

     

    Disable Print Spooler via Services

     

    print-spooler-service.png

     

    You may also use the Services management interface to stop the Print Spooler service and set its startup type to disabled.

     

    1. Open Start.
    2. Type services.msc
    3. Locate the Print Spooler service. The list is sorted alphabetically by default.
    4. Right-click on Print Spooler and select Stop.
    5. Double-click on Print Spooler.
    6. Set the Startup Type to disabled.
    7. Select Ok.

     

    Effect of the workaround

     

    You won't be able to print anymore on the device if the Print Spooler service is not running. You could enable it on demand, e.g. just the moment before you start a new print job on the device, and turn it off afterwards again.

     

     

    Microsoft suggests once again to disable the Print Spooler to protect against new 0-day vulnerability


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...