Windows Print Spooler Remote Code Execution Vulnerability
-
Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration.
Source: Clarified Guidance CVE-2021-34527 Windows Print Spooler Vulnerability (4th paragraph)
-
-
I do not have that registry key in my system either.
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
-
Do be aware anytime you print - whether printing to paper or to a document such as PDF, you're invoking (using) the
Print Spooler.
Bottom line is if you "print" you're using the print spooler which is the risk
it's only a "risk" when there's an active internet connection
I cut-off my internet connection before printing something to my local HP printer then later re-establish net connection since I only do occasional printing
no need for me to disable the print spooler service which is a little extreme, imho
-
it's only a "risk" when there's an active internet connection
I cut-off my internet connection before printing something to my local HP printer then later re-establish net connection since I only do occasional printing
no need for me to disable the print spooler service which is a little extreme, imho
This makes not sense. If I'm going to disconnect from the internet I might as well not own a PC.
-
-
it's only a "risk" when there's an active internet connection
I cut-off my internet connection before printing something to my local HP printer then later re-establish net connection since I only do occasional printing
no need for me to disable the print spooler service which is a little extreme, imho
It also doesn't make sense to think that the print spooler service is only available while you're using it.
-
Thank you for the info on older versions! I have Windows Home version 1903 18362.1441. Which one would work for me?
- - - Updated - - -
I can't say if you're vulnerable or not but installing this
July 6 KB5004945 patch you should be safe
Good luck.
Thank you.
Last edited by happyheart; 14 Jul 2021 at 03:18.
Reason: Couldn't get quotes to show correctly - like other peoples quotes.
-
Anyone still having issues trying to get this to install, use the Powershell update method.
-
-
My W10 Home 20H2 desktop installed July Cumulative Updates kb5004945 & kb5004237. Plus I disabled Print Spooler in Services.
I tried to install Group Policy Editor twice (from majorgeeks website), got install errors twice, said I didn't have adm rights, even though second time I downloaded file and tried to install while logged in as adm. I never saw where you could click on 'run as adm'.
If CU kb5004237 fixes the problem:
Do I still need to try to get Group Policy Editor installed in W10 Home? (in order to Disable inbound remote printing)
thanks
-
-
My W10 Home 20H2 desktop installed July Cumulative Updates kb5004945 & kb5004237. Plus I disabled Print Spooler in Services.
I tried to install Group Policy Editor twice (from majorgeeks website), got install errors twice, said I didn't have adm rights, even though second time I downloaded file and tried to install while logged in as adm. I never saw where you could click on 'run as adm'.
If CU kb5004237 fixes the problem:
Do I still need to try to get Group Policy Editor installed in W10 Home? (in order to Disable inbound remote printing)
thanks
No, you don't need it if you don't have this key in registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint