How to prevent a security threat from Windows’ PrintNightmare

Photo: Diego Cervo (Shutterstock)

Hackers are actively exploiting the security flaw, but the affected settings can be switched off.

Microsoft is warning of a major zero-day security flaw in Windows’ Print Spooler code. While the severity of the vulnerability, known as “PrintNightmare,” has not yet been determined, it sounds quite bad.

The company states that outside users can exploit PrintNightmare to gain elevated administrator privileges and remotely execute code. In other words, it is an open invitation for hackers, who do not need physical access to the computer, to take control of the PC, install malware or ransomware, steal or destroy important data, and so on. Y’know, real black-hat stuff.

PrintNightmare affects the Windows Print Spooler in all versions of Windows, including those on personal computers, business networks, Windows Servers and domain controllers. Worse, due to a fumbled proof-of-concept (PoC) attack, the Print Spooler flaw is already being actively exploited by hackers.

Sangfor security researchers found the PrintNightmare exploit along with many other zero-day flaws in the Windows Print Spooler services. The group built a PoC for a forthcoming presentation on the flaws. The researchers thought the vulnerabilities were already patched and published them on GitHub.

While Microsoft has, in fact, patched some Print Spooler zero-day vulnerabilities in its recent security update, PrintNightmare remains unpatched. And although Sangfor’s original PrintNightmare PoC is no longer on GitHub, the project was replicated before it could be taken down.

Microsoft says a patch to fix the PrintNightmare flaw is in the works, but there is evidence that the PoC exploit is being used. Businesses and their users are the most exposed to the exploit, but general users can be at risk too. Microsoft recommends disabling the Windows Print Spooler service on your PCs.

Network administrators can disable (and restore) the Windows Print Spooler and remote printing with a group policy, but general users will need to disable the service using PowerShell commands to protect their PC from any PrintNightmare threat:

  • Use the taskbar or the Windows Start menu to search for “PowerShell.”
  • Right-click PowerShell and choose the “Run as administrator” option.
  • At the PowerShell prompt, run this command to stop the Windows Print Spooler: Stop-Service -Name Spooler -Force
  • Then run this command to prevent Windows from restarting the Print Spooler service: Set-Service -Name Spooler -StartupType Disabled

Keep the Windows Print Spooler service disabled until Microsoft’s patch becomes available in the near future and is installed on your PC. Once the PC is safely patched, you can re-enable the Print Spooler service in PowerShell using the Set-Service -Name Spooler -StartupType Automatic and Start-Service -Name Spooler commands.
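
The disable and restore steps above can be combined into one script that also confirms the change took effect. This is an added example, not part of the original article; the script name, the -Mode parameter and the helper function names are assumptions.

```powershell
# Set-SpoolerMitigation.ps1 (hypothetical name; added example).
# Usage: .\Set-SpoolerMitigation.ps1 -Mode Audit | Disable | Restore
param(
    [ValidateSet('Audit', 'Disable', 'Restore')]
    [string]$Mode = 'Audit'
)

$ErrorActionPreference = 'Stop'

function Get-SpoolerState {
    # Report both the running status and the startup type: a stopped service
    # that is still set to Automatic comes back after the next reboot.
    $svc = Get-Service -Name Spooler
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Status    = $svc.Status
        StartType = $svc.StartType
        Mitigated = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    }
}

function Test-IsAdmin {
    # Changing a service requires an elevated ("Run as administrator") session.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if ($Mode -ne 'Audit' -and -not (Test-IsAdmin)) {
    throw 'Run PowerShell as administrator to change the Spooler service.'
}

switch ($Mode) {
    'Disable' {
        # Same two commands as in the steps above.
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }
    'Restore' {
        # Use only after Microsoft's patch has been installed.
        Set-Service -Name Spooler -StartupType Automatic
        Start-Service -Name Spooler
    }
}

# Always finish by reporting the resulting state so the change can be verified.
Get-SpoolerState
```

While the Spooler is disabled the PC cannot print, locally or to network printers, until the service is restored.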