There is no patch as of yet, hence this workaround need to be applied.
PowerShell:
- Determine if the Print Spooler service is running:
Get-Service -Name Spooler
- Stop and disable the Print Spooler service
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
Impact of workaround Disabling the Print Spooler service disables the ability to print both locally and remotely.
BigFix:
- Run this action:
waithidden powershell.exe Stop-Service -Name spooler waithidden powershell.exe Set-Service -Name Spooler -StartupType Disabled
Impact of workaround Disabling the Print Spooler service disables the ability to print both locally and remotely.
Group Policy:
- Open the Group Policy Management console (gpmc.msc).
- Navigate to Computer Configuration / Administrative Templates / Printers
- Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.
- You must restart the Print Spooler service for the group policy to take effect.
Impact of workaround This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.
Please like and share to spread the knowledge in the community.
Visit my FB page: https://www.facebook.com/AngrySysOps
Subscribe to my YouTube channel: https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A