Security News > 2021 > July > CISA: Disable Windows Print Spooler on servers not used for printing
The Cybersecurity and Infrastructure Security Agency has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing.
"CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print," the US federal agency said.
CERT/CC has released a Vulnerability Note flagging a critical remote code execution vulnerability "PrintNightmare" in the Windows Print spooler service.
Chinese security company Sangfor accidentally leaked a proof-of-concept exploit for the zero-day Windows Print Spooler vulnerability known as PrintNightmare, which allows attackers to take control of affected servers via remote code execution with SYSTEM privileges.
As 0Patch co-founder Mitja Kolsek discovered, the exploit published for the PrintNightmare bug doesn't target the CVE-2021-1675 vulnerability but, instead, an entirely different flaw also impacting the Windows Print Spooler service.
Security consulting company Lares has published PrintNightmare detection and remediation information on GitHub, together with details on how to stop and disable the Print Spooler service from the Group Policy settings or using a PowerShell script.
News URL
Related news
- CISA tags Windows, Cisco vulnerabilities as actively exploited (source)
- Microsoft fixes printing issues caused by January Windows updates (source)
- Recent Windows Server 2025 updates cause Remote Desktop freezes (source)
- Windows 10 KB5055518 update fixes random text when printing (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-08 | CVE-2021-1675 | Unspecified vulnerability in Microsoft products Windows Print Spooler Remote Code Execution Vulnerability | 0.0 |