PrintNightmare – CVE-2021-1675 & CVE-2021-34527

There is no patch as of yet, so this workaround needs to be applied.

PowerShell:

  • Determine if the Print Spooler service is running:
Get-Service -Name Spooler
  • Stop and disable the Print Spooler service:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled

Impact of workaround: Disabling the Print Spooler service disables the ability to print both locally and remotely.

BigFix:

  • Run this action:
waithidden powershell.exe Stop-Service -Name spooler
waithidden powershell.exe Set-Service -Name Spooler -StartupType Disabled

Impact of workaround: Disabling the Print Spooler service disables the ability to print both locally and remotely.

Group Policy:

  • Open the Group Policy Management console (gpmc.msc).
  • Navigate to Computer Configuration / Administrative Templates / Printers
  • Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.
  • You must restart the Print Spooler service for the group policy to take effect.

Impact of workaround: This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.
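
To confirm which workaround is actually in effect on a machine, the following added example (not part of the original post) reports the Spooler service state and the configured value of the "Allow Print Spooler to accept client connections" policy. The function name Get-SpoolerWorkaroundState is hypothetical, and the registry location of the policy value is an assumption drawn from the Windows policy definition, not from this page.

```powershell
# Added example: audit whether either workaround described above is in place.
function Get-SpoolerWorkaroundState {
    [CmdletBinding()]
    param()

    # Workaround 1: service stopped and startup type Disabled.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # Workaround 2: the Group Policy setting. Assumed registry backing store:
    # value 2 = policy Disabled, 1 = Enabled, value absent = Not Configured.
    $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $name   = 'RegisterSpoolerRemoteRpcEndPoint'
    $policy = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    # A missing service counts as disabled; a stopped service that can still
    # be started on demand (Manual/Automatic) does not.
    $serviceDisabled = ($null -eq $svc) -or
                       ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    $remoteBlocked   = ($policy -eq 2)

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        ServiceStatus         = if ($svc) { $svc.Status } else { 'NotInstalled' }
        ServiceStartType      = if ($svc) { $svc.StartType } else { 'NotInstalled' }
        PolicyValue           = if ($null -ne $policy) { $policy } else { 'NotConfigured' }
        ServiceDisabled       = $serviceDisabled
        RemoteBlockedByPolicy = $remoteBlocked
        # The policy covers only the remote vector; disabling the service covers both.
        RemoteVectorMitigated = $serviceDisabled -or $remoteBlocked
    }
}

Get-SpoolerWorkaroundState | Format-List
```

RemoteBlockedByPolicy reflects the configured value only; as noted in the Group Policy steps, the Print Spooler service must have been restarted since the policy was applied for it to take effect.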
