Microsoft recently patched the “PrintNightmare” vulnerability in Windows PCs with urgent updates to the Windows Print Spooler service. This new update was meant for all Windows 10 versions,which includes the most recent May 2021 Update ( ver. 21H1) and October 2020 Update ( ver. 20H2).
What is a Print Spooler?
It is a service provided by Microsoft for managing and monitoring files that are printing. It is one of the oldest features on Windows and has had very few updates since it launched.
What is Print Spooler vulnerability?
The vulnerability allows third-party attackers to get remote access. As the Print Spooler has direct access to the kernel, the attacker can gain access to the whole operating system and run a remote code with system privileges and manipulate the Domain Controller.
The best way to tackle this problem is to disable the Print Spooler on sensitive servers and workstations.
According to Dvir, 90% of servers do not require Print Spooler and disabling it can solve the problem.
Here is how to mitigate Microsoft print spooler vulnerability:
Search “PowerShell”, right-click on it and click on Run on administrator.
Type command : “Stop-Service- Name Spooler- Force”, and press Enter.
Type command: Set-Service-Name Spooler-Startup Type Disabled”, to prevent the service from starting back up again when you restart your laptop or PC.
Article by- Aaditya Surya Vedantam