Windows Print Spooler Remote Code Execution Vulnerability

This exploit only affects Domain Controllers not workstations. I am not worried about it because our Windows workstation rarely gets used and in no way is not a Windows Server Edition or behaves as a DC. Workaround for the Windows Print Spooler Remote Code Execution Vulnerability - gHacks Tech News

Stopping the Spooler service means jobs are going to sit on the machine until you physically go into the folder to purge them out.

bro67 said:

This exploit only affects Domain Controllers not workstations. I am not worried about it because our Windows workstation rarely gets used and in no way is not a Windows Server Edition or behaves as a DC. Workaround for the Windows Print Spooler Remote Code Execution Vulnerability - gHacks Tech News

Stopping the Spooler service means jobs are going to sit on the machine until you physically go into the folder to purge them out.

Thank you , sir.

This post answered a question, I had logged back in, to pose.

In my situation, there was no need to 'Disable', this, apparently.

My ignorance. No other excuse.

Just wanted to take measures to be secure.

- - - Updated - - -

bro67 said:

This exploit only affects Domain Controllers not workstations. I am not worried about it because our Windows workstation rarely gets used and in no way is not a Windows Server Edition or behaves as a DC. Workaround for the Windows Print Spooler Remote Code Execution Vulnerability - gHacks Tech News

Stopping the Spooler service means jobs are going to sit on the machine until you physically go into the folder to purge them out.

WXC said:

Thank you , sir.

This post answered a question, I had logged back in, to pose.

In my situation, there was no need to 'Disable', this, apparently.

My ignorance. No other excuse.

Just wanted to take measures to be secure.

@bro67

Should I go back into Group Editor, and set this back from 'Disabled', to 'Not Configured'? or simply, leave it be?


Single desktop PC, hardwired behind router (no wifi). Have a USB connected printer, but never use it. System specs up to date.

Apologies for bothering you.

~~~~~

I welcome anyone else to answer, as well.

Thank you.

I would leave it be, make sure your firewall on the computer and router are not wide open, machine is up to date. You do not leave your front door open or keys in your car do you? Why should you let someone take the chance to find a machine that they can get into and dig around.
Only 5.5% of all vulnerabilities are ever exploited in the wild | ZDNet
Top 10 Routinely Exploited Vulnerabilities | CISA

I onoy use a iPad and iPhone but keep them up to date, even with the Windows machine it is kept up to date. Those who never update or delay updates are just placing theirselves at risk.

In this case I funnel all emails through Microsoft’s Azure Exchange server with a Security rule in place to check
for possible phish and malware type emails. https:://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/

Have I done some sketchy stuff on a computer, yes in attempts to try and break the OS. Have I learned from doing so, yes I have learned a lot inmbetter security practices.

bro67 said:

I would leave it be, make sure your firewall on the computer and router are not wide open, machine is up to date.

Thank you, @bro67.

I appreciate your detailed reply.

I'll leave it be, as you suggest. Everything else is good to go.

Best regards.

FIX: KB5004945 Windows 10 2004 19041.1083, 20H2 19042.1083, 21H1 19043.1083

steve108 said:

A second opinion saying Windows home users don't need to worry about this too much:
Print Nightmare is going to be a nightmare @ AskWoody

I've found it most confusing to understand whether home users need to disable to service or not. Disabled it, then decided to re-enable it based on what I read here and the above link.

You're not alone, buddy. I too, found it confusing.

As for me, I disabled it. No biggie to revert, should I need it in the future.

Take care.

Question for youse guys about disabling "Allow print spooler to accept client connections":

My other computers use my printer on wi-fi in my home LAN. Do you know whether this setting in GP will make it impossible for them to (remotely) print on my printer?

- - - Updated - - -

Never mind. In GP at the setting in question, I find this:
"When the policy is disabled, the spooler will not accept client connections nor allow users to share printers. All printers currently shared will continue to be shared."