
Microsoft has published an advisory on a new remote code execution vulnerability in the Windows Print Spooler; the affected code is present in all versions of the operating system. Appropriately dubbed “PrintNightmare,” the vulnerability allows attackers to remotely execute code with SYSTEM privileges, letting them install programs, delete data, and create accounts with full user rights. Microsoft has confirmed that the vulnerability is being actively exploited. There doesn’t seem to be an official fix yet, but 0patch is offering temporary patches for Windows users who’d like to address the zero-day straight away. Other options include disabling the Print Spooler service or disabling inbound remote printing through Group Policy.

[…] CISA has also issued a notification on the PrintNightmare zero-day encouraging admins to disable the Windows Print Spooler service on servers not used for printing. Per Microsoft’s previous recommendations on how to mitigate risks on Domain controllers with Print spooler service running, the service should be disabled on all Domain Controllers and Active Directory admin systems via a Group Policy Object due to the increased exposure to attacks.
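
Both mitigations mentioned above can be verified per host. The PowerShell script below is an added example, not taken from Microsoft's advisory or from the sources cited here; the `-DisableSpooler` switch and the output field names are this example's own, and the registry value is the one written by the "Allow Print Spooler to accept client connections" policy.

```powershell
# Added example: audit (and optionally apply) the Print Spooler mitigations.
# Run from an elevated PowerShell session on the host being checked.
[CmdletBinding()]
param(
    # Hypothetical switch for this example: stop and disable the service.
    # This breaks all local and remote printing on the host.
    [switch]$DisableSpooler
)

if ($DisableSpooler) {
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}

# Registry value behind "Allow Print Spooler to accept client connections":
# 1 = accept inbound connections, 2 = refuse them, absent = not configured.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$policyName = 'RegisterSpoolerRemoteRpcEndPoint'
$policy = (Get-ItemProperty -Path $policyKey -Name $policyName `
           -ErrorAction SilentlyContinue).$policyName

$svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue

# DomainRole 4 and 5 are backup and primary domain controllers, where the
# guidance above is to disable the service outright.
$isDC = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -in 4, 5

$spoolerOff     = (-not $svc) -or
                  ($svc.Status -ne 'Running' -and $svc.StartType -eq 'Disabled')
$inboundRefused = ($policy -eq 2)

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    DomainController = $isDC
    SpoolerStatus    = if ($svc) { "$($svc.Status)/$($svc.StartType)" } else { 'NotInstalled' }
    InboundPolicy    = switch ($policy) {
                           1       { 'AcceptsClientConnections' }
                           2       { 'RefusesClientConnections' }
                           default { 'NotConfigured' }
                       }
    # A DC counts as mitigated only with the service off; other hosts may
    # instead refuse inbound connections and keep local printing.
    Mitigated        = if ($isDC) { $spoolerOff } else { $spoolerOff -or $inboundRefused }
}
```

A change to the inbound-connections policy only takes effect after the Print Spooler service is restarted, so a host can report `RefusesClientConnections` while still listening until then.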

Sources: Microsoft, BleepingComputer (1, 2), The Verge


Join the Conversation

6 Comments

  1. Thanks for the heads up. I went ahead and used the Group Policy Editor to disable inbound remote printing.

  2. Ahh, print spooler... one of the single most things I’ve seen that have issues in Windows 10. Whether it was caused by a crappy driver that Windows pulled from its own repository after an update or a PDF gone sideways causing the service to get clogged, and then tie up one of our network printers, and need extra effort to delete. Now this, oh joy.

  3. I can’t exactly disable remote printing since a large portion of our client base and employees print remotely.

    This is a big problem though. They better get a fix out pronto.

  4. Ugh…

    Why is “inbound remote printing” even something enabled by default on a machine that is not a print server?

    Did we forget the universal rule of computer security? Everything defaults to “off” and stays that way unless explicitly needed…

  5. Zarathustra wrote:

    > Ugh…
    >
    > Why is “inbound remote printing” even something enabled by default on a machine that is not a print server?
    >
    > Did we forget the universal rule of computer security? Everything defaults to “off” and stays that way unless explicitly needed…

    The new way is that you are opted in to everything automatically, and even if you manage to turn it off through some voodoo magic the next Windows update will turn it right back for you.

  6. MadMummy76 wrote:

    > The new way is that you are opted in to everything automatically, and even if you manage to turn it off through some voodoo magic the next Windows update will turn it right back for you.

    Sad but true and not just Windows either.
