Microsoft suggests once again to disable the Print Spooler to protect against new 0-day vulnerability

Martin Brinkmann
Aug 15, 2021
Security
|
23

Several Windows printing related vulnerabilities have been discovered, disclosed and resolved in recent time. Microsoft released an emergency update in July to address a vulnerability dubbed PrintNightmare.

This week, Microsoft disclosed yet another printing related vulnerability in Windows. The CVE reveals little information at this point as Microsoft's investigation is still ongoing.

According to the provided information, it is a remote code execution vulnerability that does affect the Windows Print Spooler.

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft does not list the affected versions and editions of the company's Windows operating system, as research is still ongoing. All versions of Windows were affected by PrintNightmare, and it is possible that the new 0-day vulnerability affects all versions as well.

Microsoft notes that it is working on a security patch, which it will likely release as an out-of-band patch once produced.

Workaround: disable the Print Spooler

Microsoft's workaround for protecting systems against attacks targeting the new Print Spooler vulnerability is to disable the Print Spooler. The downside to disabling the Print Spooler is that printing becomes unavailable.

One of the PrintNightmare vulnerability workarounds was to stop the Print Spooler as well.

Disable Print Spooler via PowerShell

print spooler stop powershell

  1. Open Start.
  2. Type PowerShell.
  3. Select Run as administrator.
  4. Run Get-Service -Name Spooler to get the status of the print spooler-
  5. Run Stop-Service -Name Spooler -Force to stop the Print Spooler service.
  6. Run Set-Service -Name Spooler -StartupType Disabled to set the startup type of the service to disabled so that it is not activated on system start.

Disable Print Spooler via Services

print spooler service

You may also use the Services management interface to stop the Print Spooler service and set its startup type to disabled.

  1. Open Start.
  2. Type services.msc
  3. Locate the Print Spooler service. The list is sorted alphabetically by default.
  4. Right-click on Print Spooler and select Stop.
  5. Double-click on Print Spooler.
  6. Set the Startup Type to disabled.
  7. Select Ok.

Effect of the workaround

You won't be able to print anymore on the device if the Print Spooler service is not running. You could enable it on demand, e.g. just the moment before you start a new print job on the device, and turn it off afterwards again.

Summary
Microsoft suggests once again to disable the Print Spooler to protect against new 0-day vulnerability
Article Name
Microsoft suggests once again to disable the Print Spooler to protect against new 0-day vulnerability
Description
Microsoft disclosed a new 0-day vulnerability of the Print Spooler of its Windows operating system this week; no patch is available, but a workaround has been provided.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. George said on August 17, 2021 at 11:44 pm
    Reply

    It’s time for Microsoft to release a big, red hard-coded desktop on/off toggle/shortcut for the Print Spooler service.

  2. danman said on August 16, 2021 at 7:39 pm
    Reply

    LOL LOL LOL

  3. Software tester said on August 16, 2021 at 4:31 pm
    Reply

    If you want to disable the Print Spooler with just one click you can use “Fix Print Spooler v1.2” – it is portable freeware.
    https://www.sordum.org/9199/fix-print-spooler-v1-2/

  4. Anonymous said on August 16, 2021 at 9:59 am
    Reply

    Setting the service to manual instead of disabled allows you to ‘conveniently’ start and stop it from the task manager when you need to print and should be just as safe otherwise.

  5. Anonymous said on August 16, 2021 at 4:49 am
    Reply

    Makes you wonder how many more holes many more holes hackers will find in the print spooler. As with most problems, big users are most likely the target ahead of home users but probably not worth the risk of ignoring it when spooler is so easy to shut down and turn off.

  6. Anonymous said on August 16, 2021 at 12:56 am
    Reply

    There’s 10,000 other vulnerabilities in Windows still left to find and new ones created with each update. So get to work on those bug bounties you can make a fortune from all the bugs in Windows.

  7. Trey said on August 15, 2021 at 9:09 pm
    Reply

    Vulnerable via the internet/browser, or through a local network? I can’t find the details. Elevated privileges but how are they accessed?

  8. Haakon said on August 15, 2021 at 8:53 pm
    Reply

    I miss my printer cable, Star SG-10 printer and those nice DB25 ports ‘n plugs…

  9. John G. said on August 15, 2021 at 4:59 pm
    Reply

    “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.” I read somewhere that it is difficult enough to exploit this vulnerability, however thanks for the useful workaround @Martin! :]

  10. Mrs. James Bond said on August 15, 2021 at 4:26 pm
    Reply

    I disabled it…I only use printing once in a while so no problem. Next time I go to print I’ll either have to remember its disabled or maybe a notice will appear that its off? Exciting!

    1. Rush said on August 18, 2021 at 12:35 am
      Reply

      Despite the fact that everyone my age is older than me…(LOL ) that said, since I’ve retired, I’m

      more homely than ever, so,no need for a networked printer, especially wi-fi…. it’s USB direct from source.

      Very minimal print jobs these days. Printer can go weeks w/out use so……

      Win 8.1 – task mgr-services tab, I disable Print spooler and Printer extensions and notifications, I’m a bit over vigilant, that’s me. Of course only takes seconds to reverse
      the process.

    2. Dave Jones said on August 16, 2021 at 2:07 am
      Reply

      You can still print. The print job will go straight to your printer. Most printers have onboard RAM to spool the print job too. The windows print spooler is meant to take some of the load off of your printer and spool it locally. Too many print jobs all at once without the local windows print spooler can cause your printer to stall or not print. But if it is just you printing an occasional average size print job you should be fine. Just make sure your print drivers are working and installed.

    3. Freonpsandoz said on August 15, 2021 at 11:02 pm
      Reply

      That would work for me, but not for my wife. Per previous recommendations, I have disabled the print spooler “accept client connections” capability with the RegisterSpoolerRemoteRpcEndPoint registry item. This disables printer sharing capabilities, which are unnecessary if you have a networked printer. I suspect that the latest vulnerability also depends on the print spooler accepting client connections, so I’ll wait until there are more details before making additional changes.

  11. Martin P. said on August 15, 2021 at 1:33 pm
    Reply

    What is the CVE?

    1. Martin Brinkmann said on August 15, 2021 at 1:53 pm
      Reply
      1. Tom Scott said on October 19, 2021 at 2:37 am
        Reply

        I went to this site and see, “Update: September 14, 2021 – We have completed the investigation and have released the September 2021 security updates to address this vulnerability.” OK, that’s good.

        For about the last month, every time I reboot, the print and index services show “Disabled”. I have to manually enable them to “Automatic”, then start them. They work fine.

        Is there a way to get these two services to start automatically every time I reboot?

      2. Martin P. said on August 16, 2021 at 9:00 pm
        Reply

        Thanks Martin.

  12. Bobo said on August 15, 2021 at 12:33 pm
    Reply

    This is fantastic, especially in an office or a hospital. Printing is sooooo overrated anyway! Think of all the TREES you are saving!!!

  13. TelV said on August 15, 2021 at 11:25 am
    Reply

    Would setting the print spooler to Manual mitigate the services option Martin?

    1. Martin Brinkmann said on August 15, 2021 at 11:42 am
      Reply

      I think so, but it won’t help when it comes to printing. If you set the service to manual, no printers are recognized by Windows.

  14. Tom Hawack said on August 15, 2021 at 11:14 am
    Reply

    Imagine this at the times of Win3x, Win95, XP, 7, 8 … ‘would have initiated a planetary revolution! People then, especially before XP, were not addicted as they are nowadays, and at present, combined to the fact there is no alternative to Win10 accessible to the masses, people endure day after day Microsoft’s technical incompetence, together with their OS’ inquisition at every level.. more even: the very concept, architecture of Win10/11 is unhealthy : the OS is not correctly thought.

  15. black snail said on August 15, 2021 at 8:59 am
    Reply

    LOL! Poor, poor, MS. If only their code were open. Too bad, so sad.

    1. Meh said on September 24, 2021 at 12:28 am
      Reply

      Poor Poor user, if only you knew that development in malware for an operating system is proportionate to its popularity. And your open source OS is barely 2% of the Operating system market share with Mac 4 times more popular. I wonder which one of them is the actual poor poor OS ????

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.