CISA: Disable Windows Print Spooler on servers not used for printing
2021-07-01 16:09

The Cybersecurity and Infrastructure Security Agency has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing.

"CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print," the US federal agency said.

CERT/CC has released a Vulnerability Note flagging a critical remote code execution vulnerability, dubbed "PrintNightmare", in the Windows Print Spooler service.

Chinese security company Sangfor accidentally leaked a proof-of-concept exploit for the zero-day Windows Print Spooler vulnerability known as PrintNightmare, which allows attackers to take control of affected servers via remote code execution with SYSTEM privileges.

As 0Patch co-founder Mitja Kolsek discovered, the exploit published for the PrintNightmare bug doesn't target the CVE-2021-1675 vulnerability but, instead, an entirely different flaw also impacting the Windows Print Spooler service.

Security consulting company Lares has published PrintNightmare detection and remediation information on GitHub, together with details on how to stop and disable the Print Spooler service from the Group Policy settings or using a PowerShell script.
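The mitigation described above, as an added PowerShell example (not the Lares script and not code from the original article): it reports the Spooler state, leaves hosts that share printers alone unless told otherwise, and stops and disables the service when asked. The function name Set-SpoolerMitigation and its parameters are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and optionally disable the Windows Print Spooler.
# Set-SpoolerMitigation, -Disable and -Force are hypothetical names chosen here.
function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Disable,   # stop the service and set its startup type to Disabled
        [switch]$Force      # also act on hosts that currently share printers
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        Write-Warning 'Print Spooler service not found on this host.'
        return
    }

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDc = $role -ge 4

    # Shared printers suggest the host is a print server. The query can
    # return nothing when the Spooler is already stopped.
    $shared = @(Get-CimInstance -ClassName Win32_Printer -ErrorAction SilentlyContinue |
        Where-Object { $_.Shared })

    if ($Disable) {
        if ($shared.Count -gt 0 -and -not $Force) {
            Write-Warning "$($shared.Count) shared printer(s) found; use -Force to disable anyway."
        }
        elseif ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
            Stop-Service -Name Spooler -Force
            Set-Service -Name Spooler -StartupType Disabled
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
        }
    }

    # One record per host, suitable for Export-Csv across a server fleet
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        IsDomainController = $isDc
        SharedPrinters     = $shared.Count
        State              = $svc.State
        StartMode          = $svc.StartMode
    }
}

# Report only:          Set-SpoolerMitigation
# Preview the change:   Set-SpoolerMitigation -Disable -WhatIf
# Apply the mitigation: Set-SpoolerMitigation -Disable
```

Disabling the service stops all local and remote printing on that host, so run the report-only form first on anything that might be a print server.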


News URL

https://www.bleepingcomputer.com/news/security/cisa-disable-windows-print-spooler-on-servers-not-used-for-printing/

Related Vulnerability

DATE: 2021-06-08
CVE: CVE-2021-1675
VULNERABILITY TITLE: Unspecified vulnerability in Microsoft products (Windows Print Spooler Remote Code Execution Vulnerability)
RISK: 7.8 (local, low complexity, microsoft)